summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--po/LINGUAS1
-rw-r--r--po/de.po617
-rw-r--r--po/es.po620
-rw-r--r--po/fr.po755
-rw-r--r--po/hu.po617
-rw-r--r--po/id.po617
-rw-r--r--po/it.po617
-rw-r--r--po/ja.po622
-rw-r--r--po/nb.po1577
-rw-r--r--po/nl.po619
-rw-r--r--po/pl.po624
-rw-r--r--po/pt.po617
-rw-r--r--po/ru.po617
-rw-r--r--po/sssd.pot614
-rw-r--r--po/sv.po617
-rw-r--r--po/tg.po617
-rw-r--r--po/uk.po626
-rw-r--r--po/zh_TW.po616
-rw-r--r--src/man/po/cs.po2143
-rw-r--r--src/man/po/es.po2231
-rw-r--r--src/man/po/fr.po2271
-rw-r--r--src/man/po/ja.po2384
-rw-r--r--src/man/po/nl.po2181
-rw-r--r--src/man/po/pt.po2200
-rw-r--r--src/man/po/ru.po2149
-rw-r--r--src/man/po/sssd-docs.pot2098
-rw-r--r--src/man/po/tg.po2152
-rw-r--r--src/man/po/uk.po2344
28 files changed, 22049 insertions, 11714 deletions
diff --git a/po/LINGUAS b/po/LINGUAS
index ed4e165a3..f73dfac7d 100644
--- a/po/LINGUAS
+++ b/po/LINGUAS
@@ -5,6 +5,7 @@ hu
id
it
ja
+nb
nl
pl
pt
diff --git a/po/de.po b/po/de.po
index 56dbe82a3..edcab536e 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,8 +9,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
-"PO-Revision-Date: 2012-03-08 11:41+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-04-20 16:09+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: German <trans-de@lists.fedoraproject.org>\n"
"Language: de\n"
@@ -40,851 +40,910 @@ msgid "Ping timeout before restarting service"
msgstr ""
#: src/config/SSSDConfig.py:44
-msgid "Command to start service"
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
#: src/config/SSSDConfig.py:45
-msgid "Number of times to attempt connection to Data Providers"
+msgid "Command to start service"
msgstr ""
#: src/config/SSSDConfig.py:46
+msgid "Number of times to attempt connection to Data Providers"
+msgstr ""
+
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr "SSSD-Dienste zum Starten"
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr "SSSD-Domains zum Starten"
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr ""
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr "Identity Provider"
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr ""
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr ""
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr ""
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr "IPA-Domain"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr "IPA-Serveradresse"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr "IPA-Client-Rechnername"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr "Kerberos-Serveradresse"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr "Kerberos Realm"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr "UID-Attribut"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr "GECOS-Attribut"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr "Shell-Attribut"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr "UUID-Attribut"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+#, fuzzy
+msgid "objectSID attribute"
+msgstr "UID-Attribut"
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr "Vollständiger Name"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
msgstr ""
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -912,95 +971,96 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr ""
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr ""
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
msgstr ""
@@ -1008,35 +1068,43 @@ msgstr ""
msgid "User not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
msgstr ""
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr ""
+
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
msgstr ""
@@ -1408,44 +1476,87 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
#, c-format
msgid "Couldn't invalidate %s"
msgstr ""
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:194
#, c-format
msgid "Couldn't invalidate %s %s"
msgstr ""
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:335
+msgid "Invalidate particular service"
+msgstr ""
+
+#: src/tools/sss_cache.c:337
+msgid "Invalidate all services"
+msgstr ""
+
+#: src/tools/sss_cache.c:340
+msgid "Invalidate particular autofs map"
+msgstr ""
+
+#: src/tools/sss_cache.c:342
+msgid "Invalidate all autofs maps"
+msgstr ""
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
msgstr ""
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
#: src/tools/sss_debuglevel.c:43
msgid "\n"
msgstr ""
@@ -1463,6 +1574,6 @@ msgstr ""
msgid "%s must be run as root\n"
msgstr ""
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/es.po b/po/es.po
index 0aaaae93f..187777383 100644
--- a/po/es.po
+++ b/po/es.po
@@ -12,8 +12,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
-"PO-Revision-Date: 2012-03-08 11:41+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-04-20 16:09+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Spanish (Castilian) <trans-es@lists.fedoraproject.org>\n"
"Language: es\n"
@@ -44,42 +44,47 @@ msgid "Ping timeout before restarting service"
msgstr "Tiempo máximo de ping antes de reiniciar el servicio"
#: src/config/SSSDConfig.py:44
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
+msgstr ""
+
+#: src/config/SSSDConfig.py:45
msgid "Command to start service"
msgstr "Comando para iniciar el servicio"
-#: src/config/SSSDConfig.py:45
+#: src/config/SSSDConfig.py:46
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
"Número de veces que debe intentar la conexión con los Proveedores de Datos"
-#: src/config/SSSDConfig.py:46
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr "Servicios SSSD a iniciar"
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr "Dominios SSSD a iniciar"
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr "Tiempo máximo para los mensajes enviados a través de SBUS"
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr ""
"Expresión regular para analizar sintácticamente el nombre de usuario y "
"dominio"
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
"Formato compatible con printf para mostrar nombres completamente calificados"
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -87,52 +92,60 @@ msgstr ""
"Directorio en el sistema de archivos donde SSSD debería guardar fichero de "
"reproducción de cache de Kerberos."
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr "Tiempo máximo (segundos) del caché de enumeración"
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
"Tiempo máximo (segundos) de la entrada de caché a actualizar en segundo plano"
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr "Tiempo máximo negativo del cache (segundos)"
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr "Usuarios que deben ser explícitamente ignorados por SSSD"
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr "Grupos que deben ser explícitamente ignorados por SSSD"
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr "Deben aparecer los usuarios filtrados en los grupos"
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr "El valor del campo contraseña que el proveedor NSS debe devolver"
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr ""
"Sustituye valores del directorio personal del proveedor de la identidad con "
"este valor"
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+#, fuzzy
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+"Sustituye valores del directorio personal del proveedor de la identidad con "
+"este valor"
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr "Lista de los usuarios de consola habilitados para registrarse"
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
"Lista de consolas que serán vetadas, y reemplazadas por la consola de reserva"
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -141,16 +154,20 @@ msgstr ""
"encuentra disponible, utilice esta de reserva"
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Por cuánto tiempo permitir ingresos cacheados entre ingresos en línea (días)"
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
"Cuantos intentos de ingreso fallidos se permiten cuando está desconectado"
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -158,347 +175,351 @@ msgstr ""
"Cuántos minutos se denegará el ingreso después de que se alcance el máximo "
"de ingresos fallidos offline_failed_login_attempts"
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr "Que clase de mensajes se muestran al usuario durante la autenticación"
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Cuanto segundos se mantendrá la información de identidad almacenada para "
"solicitudes de PAM"
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr "Cuanto días se debe mostrar un aviso de expiración de contraseña"
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr ""
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr "Proveedor de identidad"
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr "Proveedor de Autenticación"
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr "Proveedor de control de acceso"
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr "Proveedor de cambio de contraseña"
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
msgstr "Proveedor de SUDO"
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
msgstr "Proveedor de Autofs"
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr "ID mínimo de usuario"
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr "ID máximo de usuario"
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr "Habilitar la enumeración de todos los usuarios/grupos"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr "Hacer caché de las credenciales para ingresos fuera de línea"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr "Guardar los hashes de la contraseña"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr "Mostrar los usuarios/grupos en un formato completamente calificado"
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr "Tiempo máximo de una entrada del caché (segundos)"
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Restringir o preferir una familia de direcciones específica, cuando se "
"realicen búsquedas DNS"
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr "Por cuánto tiempo permitir ingresos cacheados luego del último (días)"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Cantidad de tiempo (en segundos) a esperar respuestas desde DNS cuando se "
"estén resolviendo servidores"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr "La sección del dominio de la consulta para descubrir servicios DNS"
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr "Sustituye valor GID del proveedor de la identidad con este valor"
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
msgstr "Trate al nombre de usuario con mayúsculas y minúsculas"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr "Dominio IPA"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr "Dirección del servidor IPA"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr "Nombre de equipo del cliente IPA"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Si actualizar o no en forma automática la entrada DNS del cliente en FreeIPA"
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"La interfaz cuya IP debería ser utilizada para actualizaciones DNS "
"automáticas"
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr "Búsqueda base para objetos HBAC"
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
"Cantidad de tiempo entre búsquedas de reglas HBAC contra el servidor IPA"
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
"Si se encuentran presentes reglas de negación (DENY) o bien se niega todo "
"(DENY_ALL) o se ignora (IGNORE)"
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
"Si se lo define en 'false', será ignorado el argumento de equipo ofrecido "
"por PAM"
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr "La ubicación de montaje automático que este cliente de IPA está usando"
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr "Dirección del servidor Kerberos"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr "Reinado Kerberos"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr "Expiración de la autenticación"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr "Directorio donde almacenar las credenciales cacheadas"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr "Ubicación del caché de credenciales del usuario"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr "Ubicación de la tabla de claves para validar las credenciales"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr "Habilitar la validación de credenciales"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr ""
"Si se encuentra desconectado, almacena contraseñas para más tarde realizar "
"una autenticación en línea"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr "ciclo de vida renovable del TGT"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr "ciclo de vida del TGT"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr "tiempo entre dos comprobaciones para renovación "
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr "Habilita FAST"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
msgstr "Selecciona el principal para su uso por FAST"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
msgstr "Habilita canonicalización principal"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"El servidor en donde está ejecutándose el servicio de modificación de "
"contraseña, en caso de no ser KDC. "
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, El URI del servidor LDAP"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr "DN base predeterminado"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "El Tipo de Esquema a usar en el servidor LDAP, rfc2307"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr "El DN Bind predeterminado"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr "El tipo del token de autenticación del DN bind predeterminado"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr "El token de autenticación del DN bind predeterminado"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr "Tiempo durante el que se intentará la conexión"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Tiempo durante el que se intentará operaciones LDAP sincrónicas"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr "Tiempo entre intentos de reconexión cuando esté fuera de línea"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr "Use solo el caso superior para nombres reales"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr "Archivo que contiene los certificados CA"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr "Ruta hacia un directorio certificado CA"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr "Fichero que contiene el certificado de cliente"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr "Fichero que contiene la llave de cliente"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr "Lista de posibles suites de cifrado"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr "Requiere la verificación de certificado TLS"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr "Especificar el mecanismo sasl a usar"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr "Especifique el id de autorización sasl a usar"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr "Especifica el reinado de autorización sasl a ser utilizado"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "Especificar los SSF mínimos para autorizaciones sasl de LDAP"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr "Tabla de clave del servicio Kerberos"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr "Usar auth Kerberos para la conexión LDAP"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr "Seguir referencias LDAP"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr "Período de vida del TGT para la conexión LDAP"
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr "Como eliminar aliases"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr "Nombre de servicio para busquedas de servicios DNS"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr "La cantidad de registros a ser obtenidos en una única consulta LDAP"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
"La cantidad de miembros que deben faltar para desencadenar una deref completa"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -506,434 +527,475 @@ msgstr ""
"Si la Biblioteca LDAP debería realizar una búsqueda inversa para "
"canonicalizar el nombre del host durante un enlace SASL"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr "atributo entryUSN"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr "atributo lastUSN"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
"El período de tiempo máximo para retener una conexión con el servidor LDAP "
"antes de desconectar"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr "Tiempo máximo a esperar un pedido de búsqueda"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr "periodo de espera para solicitud de enumeración"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr "Tiempo en segundos entre las actualizaciones de enumeración"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr "periodo de tiempo entre borrados de la caché"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr "Requiere TLS para búsquedas de ID"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr "DN base para búsquedas de usuario"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr "Ambito de las búsquedas del usuario"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr "Filtro para las búsquedas del usuario"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr "Objectclass para los usuarios"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr "Atributo GID primario"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr "Atributo GECOS"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr "Atributo Directorio de inicio"
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr "Atributo shell"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+#, fuzzy
+msgid "objectSID attribute"
+msgstr "Atributo UID"
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr "Atributo principal del usuario (para Kerberos) "
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr "Nombre completo"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr "Atributo hora de modificación"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr "atributo shadowLastChange"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr "atributo shadowMin "
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr "atributo shadowMax"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr "atributo shadowWarning "
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr "atributo shadowInactive "
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr "atributo shadowExpire"
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr "atributo shadowFlag "
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr "listado de atributos de servicios PAM autorizados"
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr "Atributo de listado de equipos de servidor autorizados"
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr "atributo krbLastPwdChange "
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr "atributo krbPasswordExpiration "
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr ""
"atributo indicando que las políticas de contraseña del lado del servidor "
"están activas"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr "atributo accountExpires de AD"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr "atributo userAccountControl de AD"
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr "atributo nsAccountLock "
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr "loginDisabled atributo de NDS"
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr "loginExpirationTime atributo de NDS"
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "loginAllowedTimeMap atributo de NDS"
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
msgstr "Atributo de clave pública SSH"
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr "DN base para busqueda de grupos"
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr "clase objeto para"
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr "Nombre del grupo"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr "Contraseña del grupo"
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr "Atributo GID"
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr "Atributo de miembro del grupo"
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr "Atributo de UUID del grupo"
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr "Atributo de modificación de tiempo para los grupos"
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr "A continuación, nivel SSSD de anidado máximo"
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr "DN base para búsquedas de grupos de red"
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr "Clases de objetos para grupos de red"
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr "Nombre de grupo de red"
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr "Atributo de miembros de grupos de red"
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr "Atributo triple de grupo de red"
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr "Atributo UUID de miembro de red"
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr "Atributo de modificación de tiempo para grupos de red"
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr "Política para evaluar el vencimiento de la contraseña"
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr "Filtro LDAP para determinar privilegios de acceso"
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
"Los atributos que deberán ser utilizados para evaluar si una cuenta ha "
"expirado"
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr "Las reglas que deberían ser utilizadas para evaluar control de acceso"
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
"URI de un servidor LDAP donde se permite la modificación de contraseñas"
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr ""
"Nombre del servicio DNS para el servidor de modificación de contraseñas LDAP"
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
msgstr ""
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr "Lista separada por comas de usuarios autorizados"
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr "Lista separada por comas de usuarios prohibidos"
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr "Shell predeterminado, /bin/bash"
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr "Base de los directorios de inicio"
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr "Nombre de la biblioteca NSS a usar"
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr "Pila PAM a usar"
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr "Convertirse en demonio (predeterminado)"
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr "Ejecutarse en forma interactiva (no un demonio)"
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr "Indicar un archivo de configuración diferente al predeterminado"
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
msgstr "Muestra el número de versión y finaliza"
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr "Nive de depuración"
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr "Agregar marcas de tiempo de depuración"
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
msgstr "Mostrar marcas de tiempo con microsegundos"
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr "Un arhivo abierto de descriptor para los registros de depuración"
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr "Dominio del proveedor de información (obligatorio)"
@@ -962,95 +1024,96 @@ msgid "Unexpected error while looking for an error description"
msgstr ""
"Ha ocurrido un error no esperado mientras se buscaba la descripción del error"
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr "Las contraseñas no coinciden"
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr "No existe soporte para reseteado de la contraseña por el usuario root."
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr "Autenticado mediante credenciales cacheada"
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr ", su contraseña cacheada vencerá el:"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr "Su contraseña ha expirado. Dispone de %d ingreso(s) excepcionales. "
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr "Su contraseña expirará en %d %s."
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr "La autenticación ha sido denegada hasta:"
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "El sistema está fuera de línea, no se puede cambiar la contraseña"
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Falló el cambio de contraseña."
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Mensaje del servidor:"
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr "Nueva contraseña: "
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr "Reingrese la contraseña nueva:"
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr "Contraseña: "
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr "Contraseña actual: "
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr "La contraseña ha expirado. Modifíquela en este preciso momento."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr "Nivel de depuración en que se debe ejecutar"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr "Error al poner la región\n"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
msgstr ""
@@ -1058,35 +1121,43 @@ msgstr ""
msgid "User not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
msgstr ""
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr ""
+
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
msgstr "El UID del usuario"
@@ -1487,44 +1558,87 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "Error de transacción. No se pudo modificar el usuario.\n"
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
#, c-format
msgid "Couldn't invalidate %s"
msgstr ""
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:194
#, c-format
msgid "Couldn't invalidate %s %s"
msgstr ""
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:335
+msgid "Invalidate particular service"
+msgstr ""
+
+#: src/tools/sss_cache.c:337
+msgid "Invalidate all services"
+msgstr ""
+
+#: src/tools/sss_cache.c:340
+msgid "Invalidate particular autofs map"
+msgstr ""
+
+#: src/tools/sss_cache.c:342
+msgid "Invalidate all autofs maps"
+msgstr ""
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
msgstr ""
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
#: src/tools/sss_debuglevel.c:43
msgid "\n"
msgstr ""
@@ -1542,6 +1656,6 @@ msgstr "Falta memoria\n"
msgid "%s must be run as root\n"
msgstr "%s se debe ejecutar como root\n"
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr "Envia el resultado de la depuración hacia archivos en lugar de stderr"
diff --git a/po/fr.po b/po/fr.po
index d24a0acd2..5e712aaf9 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -4,13 +4,15 @@
#
# Translators:
# Fabien Archambault <marbolangos@gmail.com>, 2012.
+# Jérôme Fenal <jfenal@gmail.com>, 2012.
+# Mariko Vincent <dweu60@gmail.com>, 2012.
msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
-"PO-Revision-Date: 2012-03-08 11:41+0000\n"
-"Last-Translator: Fabien Archambault <marbolangos@gmail.com>\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-05-08 08:54+0000\n"
+"Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n"
"Language-Team: French <trans-fr@lists.fedoraproject.org>\n"
"Language: fr\n"
"MIME-Version: 1.0\n"
@@ -29,6 +31,7 @@ msgstr "Ajouter l'horodatage dans les fichiers de débogage"
#: src/config/SSSDConfig.py:41
msgid "Include microseconds in timestamps in debug logs"
msgstr ""
+"Ajouter les microsecondes pour l'horodatage dans les journaux de débogage"
#: src/config/SSSDConfig.py:42
msgid "Write debug messages to logfiles"
@@ -39,91 +42,106 @@ msgid "Ping timeout before restarting service"
msgstr "Délai d'attente de réponse avant de redémarrer le service"
#: src/config/SSSDConfig.py:44
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
+msgstr ""
+
+#: src/config/SSSDConfig.py:45
msgid "Command to start service"
msgstr "Commande pour démarrer le service"
-#: src/config/SSSDConfig.py:45
+#: src/config/SSSDConfig.py:46
msgid "Number of times to attempt connection to Data Providers"
msgstr "Nombre d'essais pour tenter de se connecter au fournisseur de données"
-#: src/config/SSSDConfig.py:46
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr "Services SSSD à démarrer"
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr "Domaines SSSD à démarrer"
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr "Délai d'attente pour les messages à envoyer à travers SBUS"
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr "Expression rationnelle d'analyse des noms d'utilisateur et de domaine"
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Format compatible printf d'affichage des noms complétement qualifiés"
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
+"Répertoire du système de fichiers où SSSD doit stocker les fichiers de "
+"relecture de Kerberos."
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr "Délai d'attente du cache d'énumération (en secondes)"
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
"Délai d'attente de mise à jour en arrière-plan de l'entrée de cache (en "
"secondes)"
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr "Délai d'attente du cache négatif (en secondes)"
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr "Utilisateurs que SSSD doit explicitement ignorer"
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr "Groupes que SSSD doit explicitement ignorer"
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr "Les utilisateurs filtrés doivent-ils apparaître dans les groupes"
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr "Valeur du champ de mot de passe que le fournisseur NSS doit renvoyer"
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr ""
"Remplacer par cette valeur celle du répertoire personnel obtenu avec le "
"fournisseur d'identité"
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+#, fuzzy
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+"Remplacer par cette valeur celle du répertoire personnel obtenu avec le "
+"fournisseur d'identité"
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr ""
"Liste des interpréteurs de commandes utilisateurs autorisés pour se connecter"
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
"Liste des interpréteurs de commandes bannis et remplacés par celui par défaut"
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -132,16 +150,20 @@ msgstr ""
"mais indisponible, utiliser à défaut celui-ci"
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Délai pendant lequel les connexions utilisant le cache sont autorisées entre "
"deux connexions en ligne (en jours)"
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr "Nombre d'échecs de connexions hors-ligne autorisés"
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -149,773 +171,825 @@ msgstr ""
"Durée d'interdiction de connexion après que offline_failed_login_attempts "
"est atteint (en minutes)"
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
"Quels types de messages sont affichés à l'utilisateur pendant "
"l'authentification"
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Durée en secondes pendant laquelle les informations d'identité sont gardées "
"en cache pour les requêtes PAM"
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
"Nombre de jours précédent l'expiration du mot de passe avant lesquels un "
"avertissement doit être affiché"
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
-msgstr ""
+msgstr "Faut-il évaluer les attributs dépendants du temps dans les règles sudo"
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr ""
+"Durée, en secondes, pendant laquelle les règles sudo sont mises en cache "
+"avant de demander au fournisseur à nouveau"
+
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr "Fournisseur d'identité"
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr "Fournisseur d'authentification"
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr "Fournisseur de contrôle d'accès"
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr "Fournisseur de changement de mot de passe"
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
-msgstr ""
+msgstr "Fournisseur SUDO"
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
-msgstr ""
+msgstr "Fournisseur autofs"
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
-msgstr ""
+msgstr "Fournisseur de chargement de session"
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
-msgstr ""
+msgstr "Fournisseur d'identité de l'hôte"
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr "Identifiant utilisateur minimum"
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr "Identifiant utilisateur maximum"
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr "Activer l'énumération de tous les utilisateurs/groupes"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr "Mettre en cache les crédits pour une connexion hors-ligne"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr "Stocker les sommes de contrôle des mots de passe"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr "Afficher les utilisateurs/groupes dans un format complétement qualifié"
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr "Durée de validité des entrées en cache (en secondes)"
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr "Restreindre ou préférer une famille d'adresses lors des recherches DNS"
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Durée de validité des entrées en cache après la dernière connexion réussie "
"(en jours)"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Délai d'attente des réponses du DNS lors de la résolution des serveurs (en "
"secondes)"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr "La partie domaine de la requête de découverte de service DNS"
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr "Écraser la valeur du GID du fournisseur d'identité avec cette valeur"
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
-msgstr ""
+msgstr "Considère les noms d'utilisateur comme casse dépendant"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr "Domaine IPA"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr "Adresse du serveur IPA"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr "Nom de système du client IPA"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Choisir de mettre à jour automatiquement l'entrée DNS du client dans FreeIPA"
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"L'interface dont l'adresse IP doit être utilisée pour les mises à jour "
"dynamiques du DNS"
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr "Base de recherche pour les objets HBAC"
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr "Délai entre les recherches de règles HBAC sur le serveur IPA"
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr "Si les règles DENY sont présentes, utiliser soit DENY_ALL soit IGNORE"
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
-msgstr ""
+msgstr "Si mit à false, l’argument de l'hôte donné par PAM est ignoré"
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr ""
+"L'emplacement de la carte de montage automatique utilisée par le client IPA"
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr "Adresse du serveur Kerberos"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr "Domaine Kerberos"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr "Délai avant expiration de l'authentification"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr "Répertoire pour stocker les caches de crédits"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr "Emplacement du cache de crédits de l'utilisateur"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr "Emplacement du fichier keytab de validation des crédits"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr "Activer la validation des crédits"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr ""
"Stocker le mot de passe, si hors-ligne, pour une authentification ultérieure "
"en ligne"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr "Durée de vie renouvelable du TGT"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr "Durée de vie du TGT"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr "Durée entre deux vérifications pour le renouvellement"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr "Active FAST"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
-msgstr ""
+msgstr "Sélectionne le principal pour être utilisé avec FAST"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
-msgstr ""
+msgstr "Active la canonisation du principal"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Serveur où tourne le service de changement de mot de passe s'il n'est pas "
"sur le KDC"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, l'adresse du serveur LDAP"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr "La base DN par défaut"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Le type de schéma utilisé sur le serveur LDAP, rfc2307"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr "Le DN de connexion par défaut"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr "Le type de jeton d'authentification du DN de connexion par défaut"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr "Le jeton d'authentification du DN de connexion par défaut"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr "Durée pendant laquelle il sera tenté d'établir la connexion"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Durée pendant laquelle il sera tenté des opérations LDAP synchrones"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr "Durée d'attente entre deux essais de reconnexion en mode hors-ligne"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr "N'utiliser que des majuscules pour les noms de domaine"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr "Fichier contenant les certificats des CA"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr "Chemin vers le répertoire de certificats des CA"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr "Fichier contenant le certificat client"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr "Fichier contenant la clé du client"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr "Liste des suites de chiffrement possibles"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr "Requiert une vérification de certificat TLS"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr "Spécifier le mécanisme SASL à utiliser"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr "Spécifier l'identité d'authorisation SASL à utiliser"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr "Spécifier le domaine d'authorisation SASL à utiliser"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
-msgstr ""
+msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr "Service du fichier keytab de Kerberos"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr "Utiliser l'authentification Kerberos pour la connexion LDAP"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr "Suivre les référents LDAP"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr "Durée de vie du TGT pour la connexion LDAP"
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr "Comment déréférencer les alias"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr "Nom du service pour les recherches DNS"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr "Le nombre d'enregistrements à récupérer dans une requête LDAP unique"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
"Nombre de membres qui doivent être manquants pour activer un déréférencement "
"complet"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
+"Est-ce que la bibliothèque LDAP doit effectuer une requête pour canoniser le "
+"nom d'hôte pendant une connexion SASL ?"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr "attribut entryUSN"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr "attribut lastUSN"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
+"Combien de temps conserver la connexion au serveur LDAP avant de se "
+"déconnecter"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
-msgstr ""
+msgstr "Désactiver le contrôle des pages LDAP"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr "Durée d'attente pour une requête de recherche"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr "Durée d'attente pour une requête d'énumération"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr "Durée entre deux mises à jour d'énumération"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr "Durée entre les nettoyages de cache"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr "TLS est requis pour les recherches d'identifiants"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr "Base DN pour les recherches d'utilisateurs"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr "Scope des recherches d'utilisateurs"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr "Filtre pour les recherches d'utilisateurs"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr "Classe d'objet pour les utilisateurs"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr "Attribut de nom d'utilisateur"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr "Attribut UID"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr "Attribut de GID primaire"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr "Attribut GECOS"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr "Attribut de répertoire utilisateur"
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr "Attribut d'interpréteur de commandes"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr "Attribut UUID"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+#, fuzzy
+msgid "objectSID attribute"
+msgstr "Attribut UID"
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr "Attribut d'utilisateur principal (pour Kerberos)"
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr "Nom complet"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr "Attribut memberOf"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr "Attribut de date de modification"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr "Attribut shadowLastChange"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr "Attribut shadowMin"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr "Attribut shadowMax"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr "Attribut shadowWarning"
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr "Attribut shadowInactive"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr "Attribut shadowExpire"
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr "Attribut shadowFlag"
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr "Attribut listant les services PAM autorisés"
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr "Attribut listant les systèmes serveurs autorisés"
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr "Attribut krbLastPwdChange"
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr "Attribut krbPasswordExpiration"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr ""
"Attribut indiquant que la stratégie de mot de passe du serveur est active"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr "Attribut AD accountExpires"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr "Attribut AD userAccountControl"
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr "Attribut nsAccountLock"
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr "Attribut NDS loginDisabled"
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr "Attribut NDS loginExpirationTime"
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "Attribut NDS loginAllowedTimeMap"
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
-msgstr ""
+msgstr "Attribut de clé public SSH"
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr "DN de base pour les recherches de groupes"
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr "Classe d'objet pour les groupes"
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr "Nom du groupe"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr "Mot de passe du groupe"
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr "Attribut GID"
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr "Attribut membre du groupe"
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr "Attribut d'UUID du groupe"
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr "Attribut de date de modification pour les groupes"
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr "Niveau de récursion maximum que SSSd doit suivre"
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr "DN de base pour les recherches de netgroup"
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr "Classe d'objet pour les groupes réseau"
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr "Nom du groupe réseau"
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr "Attribut des membres des groupes réseau"
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr "Attribut triplet du groupe réseau"
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr "Attribut d'UUID du groupe réseau"
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr "Attribut date de modification pour les groupes réseau"
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
-msgstr ""
+msgstr "Nom de domaine (DN) de base pour les recherches de service"
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
-msgstr ""
+msgstr "Classe objet pour les services"
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
-msgstr ""
+msgstr "Attribut de nom de service"
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
-msgstr ""
+msgstr "Attribut de port du service"
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
+msgstr "Attribut de service du protocole"
+
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
msgstr ""
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr "Stratégie d'évaluation de l'expiration du mot de passe"
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr "Filtre LDAP pour déterminer les autorisations d'accès"
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr "Quels attributs utiliser pour déterminer si un compte a expiré"
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr "Quelles règles utiliser pour évaluer le contrôle d'accès"
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr "URI d'un serveur LDAP où les changements de mot de passe sont acceptés"
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr "Nom du service DNS pour le serveur de changement de mot de passe LDAP"
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
-msgstr ""
+msgstr "Nom de domaine (DN) de base pour les recherches de règles sudo"
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
-msgstr ""
+msgstr "Activer la mise à jour périodique de toutes les règles sudo"
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
-msgstr ""
+msgstr "Intervalle de temps entre deux mises à jour de règles"
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
-msgstr ""
+msgstr "Classe objet pour les règles sudo"
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
-msgstr ""
+msgstr "Règle de nom sudo"
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
-msgstr ""
+msgstr "Attribut de commande de règle sudo"
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
-msgstr ""
+msgstr "Attribut hôte de la règle sudo"
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
-msgstr ""
+msgstr "Attribut utilisateur de la règle sudo"
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
-msgstr ""
+msgstr "Attribut option de la règle sudo"
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
-msgstr ""
+msgstr "Attribut runasuser de la règle sudo"
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
-msgstr ""
+msgstr "Attribut runasgroup de la règle sudo"
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
-msgstr ""
+msgstr "Attribut notbefore de la règle sudo"
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
-msgstr ""
+msgstr "Attribut notafter de règle sudo"
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
-msgstr ""
+msgstr "Attribut d'ordre de règle sudo"
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
-msgstr ""
+msgstr "Classe objet pour la carte de montage automatique"
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
-msgstr ""
+msgstr "Nom de l'attribut de carte de montage automatique"
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
-msgstr ""
+msgstr "Classe objet pour l'entrée de référence de montage automatique"
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
-msgstr ""
+msgstr "Attribut de clé d'entrée pour la carte de montage automatique"
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
-msgstr ""
+msgstr "Attribut de valeur pour la carte de montage automatique"
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
-msgstr ""
+msgstr "Base DN pour les requêtes de carte de montage automatique"
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr "Liste, séparée par des virgules, d'utilisateurs autorisés"
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr "Liste, séparée par des virgules, d'utilisateurs interdits"
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr "Interpréteur de commande par défaut : /bin/bash"
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr "Base pour les répertoires utilisateur"
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr "Nom de la bibliothèque NSS à utiliser"
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr "Rechercher le nom canonique du groupe dans le cache si possible"
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr "Pile PAM à utiliser"
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr "Devenir un démon (par défaut)"
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr "Fonctionner en interactif (non démon)"
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr "Définir un fichier de configuration différent de celui par défaut"
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
-msgstr ""
+msgstr "Afficher le numéro de version et quitte"
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr "Niveau de débogage"
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr "Ajouter l'horodatage au débogage"
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
-msgstr ""
+msgstr "Afficher l'horodatage en microsecondes"
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr "Un descripteur de fichier ouvert pour les journaux de débogage"
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr "Domaine du fournisseur d'informations (obligatoire)"
@@ -927,6 +1001,7 @@ msgstr ""
#: src/sss_client/common.c:881
msgid "Public socket has wrong ownership or permissions."
msgstr ""
+"Le socket public a de mauvaises permissions ou un mauvais propriétaire."
#: src/sss_client/common.c:884
msgid "Unexpected format of the server credential message."
@@ -944,132 +1019,141 @@ msgstr "Une erreur est survenue mais aucune description n'est trouvée."
msgid "Unexpected error while looking for an error description"
msgstr "Erreur inattendue lors de la recherche de la description de l'erreur"
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr "Les mots de passe ne correspondent pas"
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr ""
"La réinitialisation du mot de passe par root n'est pas prise en charge."
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr "Authentifié avec les crédits mis en cache"
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr ", votre mot de passe en cache expirera à :"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr "Votre mot de passe a expiré. Il vous reste %d connexion autorisée."
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr "Votre mot de passe expirera dans %d %s."
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr "L'authentification est refusée jusque :"
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
"Le système est hors-ligne, les modifications du mot de passe sont impossibles"
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Échec du changement de mot de passe."
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Message du serveur : "
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr "Nouveau mot de passe : "
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr "Retaper le nouveau mot de passe : "
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr "Mot de passe : "
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr "Mot de passe actuel : "
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr "Mot de passe expiré. Changez votre mot de passe maintenant."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr "Le niveau de débogage utilisé avec"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
-msgstr ""
+msgstr "Le domaine SSSD à utiliser"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr "Erreur lors du paramétrage de la locale\n"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
-msgstr ""
+msgstr "Mémoire insuffisante\n"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:84
msgid "User not specified\n"
-msgstr ""
+msgstr "Utilisateur non spécifié\n"
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
-msgstr ""
+msgstr "Erreur lors de la recherche des clés publiques\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
-msgstr ""
+msgstr "Échec lors de l'ouverture du socket\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
-msgstr ""
+msgstr "Échec lors de la connexion au serveur\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
-msgstr ""
+msgstr "Échec lors de l'exécution de la commande proxy\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
-msgstr ""
+msgstr "Le port à utiliser pour se connecter à l'hôte"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
-msgstr ""
+msgstr "Hôte non spécifié\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
-msgstr ""
+msgstr "Le chemin vers la commande de proxy doit être absolue\n"
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr "Le nom du système ne peut être résolu\n"
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr "Échec de la recherche inverse\n"
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
@@ -1309,7 +1393,7 @@ msgstr "%s%s groupe : %s\n"
#: src/tools/sss_groupshow.c:563
msgid "Magic Private "
-msgstr ""
+msgstr "Magie privée"
#: src/tools/sss_groupshow.c:565
#, c-format
@@ -1480,42 +1564,89 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "Erreur de transaction. Impossible de modifier l'utlisateur.\n"
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
#, c-format
-msgid "Couldn't invalidate %s"
+msgid "No such %s named %s, skipping\n"
msgstr ""
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:175
#, c-format
-msgid "Couldn't invalidate %s %s"
+msgid "No objects of type %s in the cache, skipping\n"
msgstr ""
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:187
+#, c-format
+msgid "Couldn't invalidate %s"
+msgstr "Impossible d'invalider %s"
+
+#: src/tools/sss_cache.c:194
+#, c-format
+msgid "Couldn't invalidate %s %s"
+msgstr "Impossible d'invalider %s %s"
+
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
-msgstr ""
+msgstr "Invalider un utilisateur spécifique"
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
-msgstr ""
+msgstr "Invalider tous les utilisateurs"
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
-msgstr ""
+msgstr "Invalider un groupe particulier"
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
-msgstr ""
+msgstr "Invalider tous les groupes"
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
-msgstr ""
+msgstr "Invalider un groupe réseau particulier"
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
-msgstr ""
+msgstr "Invalider tous les groupes réseau"
+
+#: src/tools/sss_cache.c:335
+#, fuzzy
+msgid "Invalidate particular service"
+msgstr "Invalider un utilisateur spécifique"
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:337
+#, fuzzy
+msgid "Invalidate all services"
+msgstr "Invalider tous les utilisateurs"
+
+#: src/tools/sss_cache.c:340
+#, fuzzy
+msgid "Invalidate particular autofs map"
+msgstr "Invalider un utilisateur spécifique"
+
+#: src/tools/sss_cache.c:342
+#, fuzzy
+msgid "Invalidate all autofs maps"
+msgstr "Invalider tous les utilisateurs"
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
+msgstr "N'invalider des entrées que d'un domaine spécifique"
+
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
msgstr ""
#: src/tools/sss_debuglevel.c:43
@@ -1524,7 +1655,7 @@ msgstr "\n"
#: src/tools/sss_debuglevel.c:102
msgid "Specify debug level you want to set\n"
-msgstr ""
+msgstr "Définir le niveau de débogage à utiliser\n"
#: src/tools/tools_util.c:280
msgid "Out of memory\n"
@@ -1535,7 +1666,7 @@ msgstr "Mémoire saturée\n"
msgid "%s must be run as root\n"
msgstr "%s doit être exécuté en tant que root\n"
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr ""
"Envoyer la sortie de débogage vers un fichier plutôt que vers la sortie "
diff --git a/po/hu.po b/po/hu.po
index 07fa56722..ba6073393 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -8,8 +8,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
-"PO-Revision-Date: 2012-03-08 11:42+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-04-20 16:09+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Hungarian <trans-hu@lists.fedoraproject.org>\n"
"Language: hu\n"
@@ -39,851 +39,910 @@ msgid "Ping timeout before restarting service"
msgstr ""
#: src/config/SSSDConfig.py:44
-msgid "Command to start service"
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
#: src/config/SSSDConfig.py:45
-msgid "Number of times to attempt connection to Data Providers"
+msgid "Command to start service"
msgstr ""
#: src/config/SSSDConfig.py:46
+msgid "Number of times to attempt connection to Data Providers"
+msgstr ""
+
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr ""
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr ""
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr "SSSD által figyelmen kívül hagyott felhasználók"
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr "SSSD által figyelmen kívül hagyott csoportok"
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr "Hány sikertelen bejelentkezés engedélyezett offline állapotban"
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr ""
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr ""
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr "Azonosító-kiszolgáló"
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr "Legkisebb felhasználói azonosító"
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr "Legnagyobb felhasználói azonosító"
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr "Azonosítók gyorsítótárazása offline használathoz"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr "Jelszó hash-ek tárolása"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr "IPA-tartomány"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr "IPA kiszolgáló címe"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr "IPA kliens hosztneve"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr "Kerberos-kiszolgáló címe"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr "Kerberos-tartomány"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr "Alapértelmezett LDAP alap-DN-je"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr "TLS tanusítvány ellenőrzése"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr "TLS megkövetelése ID keresésekor"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr "GECOS attribútum"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+#, fuzzy
+msgid "objectSID attribute"
+msgstr "GECOS attribútum"
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr "Teljes név"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr "Csoport neve"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr "Csoport jelszava"
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
msgstr ""
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
msgstr "Mikroszekundum pontosságú időbélyegek"
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -911,95 +970,96 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr "A jelszavak nem egyeznek"
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr "Azonosítva gyorsítótárazott adatbázisból"
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr ", a gyorsítótárazott jelszó lejár ekkor: "
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr "A jelszava lejárt. Még %d bejelentkezés engedélyezett."
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr "A jelszava le fog járni %d %s múlva."
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr "A bejelentkezés tiltott eddig:"
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "A jelszó megváltoztatása nem sikerült."
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Szerver üzenete:"
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr "Új jelszó:"
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr "Jelszó mégegyszer: "
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr "Jelszó: "
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr "Jelenlegi jelszó:"
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr "A jelszava lejárt, változtass meg most."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
msgstr ""
@@ -1007,35 +1067,43 @@ msgstr ""
msgid "User not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
msgstr ""
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr ""
+
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
msgstr "A felhasználó UID-je"
@@ -1409,44 +1477,87 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "Tranzakcióhiba történt, a felhasználó nem módosítható.\n"
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
#, c-format
msgid "Couldn't invalidate %s"
msgstr ""
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:194
#, c-format
msgid "Couldn't invalidate %s %s"
msgstr ""
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:335
+msgid "Invalidate particular service"
+msgstr ""
+
+#: src/tools/sss_cache.c:337
+msgid "Invalidate all services"
+msgstr ""
+
+#: src/tools/sss_cache.c:340
+msgid "Invalidate particular autofs map"
+msgstr ""
+
+#: src/tools/sss_cache.c:342
+msgid "Invalidate all autofs maps"
+msgstr ""
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
msgstr ""
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
#: src/tools/sss_debuglevel.c:43
msgid "\n"
msgstr ""
@@ -1464,6 +1575,6 @@ msgstr "Elfogyott a memória\n"
msgid "%s must be run as root\n"
msgstr "%s csak rendszergazdaként futtatható\n"
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/id.po b/po/id.po
index 81491a836..d5e1e2206 100644
--- a/po/id.po
+++ b/po/id.po
@@ -7,8 +7,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
-"PO-Revision-Date: 2012-03-08 11:41+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-04-20 16:09+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Indonesian <trans-id@lists.fedoraproject.org>\n"
"Language: id\n"
@@ -38,851 +38,910 @@ msgid "Ping timeout before restarting service"
msgstr ""
#: src/config/SSSDConfig.py:44
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
+msgstr ""
+
+#: src/config/SSSDConfig.py:45
msgid "Command to start service"
msgstr "Perintah untuk memulai layanan"
-#: src/config/SSSDConfig.py:45
+#: src/config/SSSDConfig.py:46
msgid "Number of times to attempt connection to Data Providers"
msgstr "Jumlah usaha yang dilakukan untuk mencoba koneksi ke Penyedia Data"
-#: src/config/SSSDConfig.py:46
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr "Layanan SSSD akan dijalankan"
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr "Domain SSSD akan dijalankan"
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr "Pengguna yang diabaikan secara eksplisit oleh SSSD"
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr "Grup yang diabaikan secara eksplisit oleh SSSD"
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr "Haruskah pengguna yang disaring muncul dalam grup"
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr "Nilai kolom kata sandi yang harus dikembalikan oleh penyedia NSS"
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr ""
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr "Penyedia identitas"
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr "Penyedia otentikasi"
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr "Penyedia kontrol akses"
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr "Penyedia pengubah kata sandi"
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr "ID pengguna minimum"
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr "ID pengguna maksimum"
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr "Domain IPA"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr "Alamat server IPA"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr "Nama host klien IPA"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr "Alamat server Kerberos"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr "Realm Kerberos"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI server LDAP"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Jenis Skema yang digunakan pada server LDAP, rfc2307"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr "Lamanya waktu untuk mencoba koneksi"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Lamanya waktu untuk mencoba operasi LDAP yang sinkron"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr "Membutuhkan verifikasi sertifikat TLS"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr "Tentukan mekanisme sasl yang digunakan"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr "Tentukan id otorisasi sasl yang digunakan"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr "Keytab layanan Kerberos"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr "Lingkup pencarian pengguna"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr "Filter pencarian pengguna"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr "Objectclass untuk pengguna"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr "Atribut UID"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr "Atribut GID Primer"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr "Atribut GECOS"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr "Atribut direktori Home"
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr "Atribut Shell"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr "Atribut UUID"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+#, fuzzy
+msgid "objectSID attribute"
+msgstr "Atribut UID"
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr "Atribut utama pengguna (untuk Kerberos)"
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr "Nama Lengkap"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr "Atribut memberOf"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr "Atribut waktu modifikasi"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
msgstr ""
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr "Daftar pengguna yang diijinkan dalam format yang dipisahkan koma"
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr "Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma"
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr "Shell default, /bin/bash"
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -910,95 +969,96 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr "Kata sandi tidak cocok"
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr ""
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "Sistem sedang luring, perubahan kata sandi tidak dimungkinkan"
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Perubahan kata sandi gagal."
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Pesan server:"
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr "Kata Sandi Baru: "
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr "Masukkan lagi kata sandi baru:"
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr "Kata sandi:"
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr "Kata sandi saat ini:"
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
msgstr ""
@@ -1006,35 +1066,43 @@ msgstr ""
msgid "User not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
msgstr ""
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr ""
+
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
msgstr "UID dari pengguna"
@@ -1424,44 +1492,87 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "Kesalahan transaksi. Pengguna tidak dapat dimodifikasi.\n"
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
#, c-format
msgid "Couldn't invalidate %s"
msgstr ""
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:194
#, c-format
msgid "Couldn't invalidate %s %s"
msgstr ""
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:335
+msgid "Invalidate particular service"
+msgstr ""
+
+#: src/tools/sss_cache.c:337
+msgid "Invalidate all services"
+msgstr ""
+
+#: src/tools/sss_cache.c:340
+msgid "Invalidate particular autofs map"
+msgstr ""
+
+#: src/tools/sss_cache.c:342
+msgid "Invalidate all autofs maps"
+msgstr ""
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
msgstr ""
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
#: src/tools/sss_debuglevel.c:43
msgid "\n"
msgstr ""
@@ -1479,6 +1590,6 @@ msgstr "Kehabisan memori\n"
msgid "%s must be run as root\n"
msgstr "%s harus dijalankan sebagai root\n"
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/it.po b/po/it.po
index 37094a436..9864a2123 100644
--- a/po/it.po
+++ b/po/it.po
@@ -8,8 +8,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
-"PO-Revision-Date: 2012-03-08 11:41+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-04-20 16:09+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Italian <trans-it@lists.fedoraproject.org>\n"
"Language: it\n"
@@ -39,100 +39,114 @@ msgid "Ping timeout before restarting service"
msgstr "Timeout di ping per il riavvio del servizio"
#: src/config/SSSDConfig.py:44
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
+msgstr ""
+
+#: src/config/SSSDConfig.py:45
msgid "Command to start service"
msgstr "Comando per avviare il servizio"
-#: src/config/SSSDConfig.py:45
+#: src/config/SSSDConfig.py:46
msgid "Number of times to attempt connection to Data Providers"
msgstr "Numero di tentativi di connessione ai data providers"
-#: src/config/SSSDConfig.py:46
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr "Avvio dei servizi SSSD"
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr "Avvio dei domini SSSD"
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr "Timeout dei messaggi inviati sul SBUS"
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr "Regex per il parsing di nome utente e dominio"
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Formato compatibile con printf per la visualizzazione di nomi completi"
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr "Durata timeout per la cache enumeration (secondi)"
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr "Durata timeout aggiornamento cache in background (secondi)"
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr "Durata timeout negative cache (secondi)"
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr "Utenti che SSSD dovrebbe ignorare esplicitamente"
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr "Gruppi che SSSD dovrebbe ignorare esplicitamente"
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr "Specifica se mostrare gli utenti filtrati nei gruppi"
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr ""
"Il valore del campo password che deve essere ritornato dal provider NSS"
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr "Per quanto tempo accettare login in cache tra login online (giorni)"
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr "Numero di tentativi di login falliti quando offline"
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -140,760 +154,805 @@ msgstr ""
"Per quanto tempo (minuti) negare i tentativi di login dopo che "
"offline_failed_login_attemps è stato raggiunto"
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr ""
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr "Provider di identità"
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr "Provider di autenticazione"
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr "Provider di access control"
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr "Provider di cambio password"
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr "ID utente minimo"
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr "ID utente massimo"
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr "Consentire l'enumerazione di tutti gli utenti/gruppi"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr "Salvare in cache le credenziali per login offline"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr "Salvare gli hash delle password"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr "Mostrare utenti/gruppi in formato fully-qualified"
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr "Durata timeout elementi in cache (secondi)"
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Restringere o preferire una specifica famiglia di indirizzi per l'esecuzione "
"di lookup DNS"
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Per quanto tempo tenere in cache gli elementi dopo un login che ha avuto "
"successo (giorni)"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr "Il tempo di attesa per le richieste DNS (secondi)"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr "Dominio IPA"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr "Indirizzo del server IPA"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr "Hostname del client IPA"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"L'interfaccia il cui indirizzo IP dovrebbe essere usato per aggiornamenti "
"DNS dinamici."
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr "Indirizzo del server Kerberos"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr "Realm Kerberos"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr "Timeout di autenticazione"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr "Directory in cui salvare le credenziali"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr "Percorso della cache delle credenziali utente"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr "Percorso del keytab per la validazione delle credenziali"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr "Abilita la validazione delle credenziali"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr "Intervallo di tempo tra due controlli di rinnovo"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr "Abilita FAST"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Server dove viene eseguito il servizio di cambio password, se non nel KDC"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, l'indirizzo del server LDAP"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr "Il base DN predefinito"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Lo Schema Type utilizzato dal server LDAP, rfc2307"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr "Il bind DN predefinito"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr "Il tipo di token di autenticazione del bind DN predefinito"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr "Il token di autenticazione del bind DN predefinito"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr "Durata del tentativo di connessione"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Durata del tentativo di esecuzione di operazioni LDAP sincrone"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr "Durata tra tentativi di riconnessione quando offline"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr "Usare solo maiuscole per i nomi dei realm"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr "File contenente i certificati CA"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr "Percorso della directory dei cerficati della CA"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr "File contenente il certificato client"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr "File contenente la chiave client"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr "Lista delle possibili cipher suite"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr "Richiedere la verifica del certificato TLS"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr "Specificare il meccanismo sasl da usare"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr "Specificare l'id di autorizzazione sasl da usare"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr "Keytab del servizio Kerberos"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr "Usare autorizzazione Kerberos per la connessione LDAP"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr "Seguire i referral LDAP"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr "Metodo di deferenziazione degli alias"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr "Durata attesa per le richieste di ricerca"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr "Durata tra gli aggiornamenti alle enumeration"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr "Intervallo di tempo per la pulizia cache"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr "Richiedere TLS per gli ID lookup"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr "Base DN per i lookup utente"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr "Ambito di applicazione dei lookup utente"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr "Filtro per i lookup utente"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr "Objectclass per gli utenti"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr "Attributo UID"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr "Attributo del GID primario"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr "Attributo GECOS"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr "Attributo della home directory"
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr "Attributo della shell"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr "Attributo UUID"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+#, fuzzy
+msgid "objectSID attribute"
+msgstr "Attributo UID"
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr "Attributo user principal (per Kerberos)"
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr "Nome completo"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr "Attributo memberOf"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr "Attributo data di modifica"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr "Politica per controllare la scadenza della password"
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr "Filtro LDAP per determinare i privilegi di accesso"
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
msgstr ""
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr "Lista separata da virgola degli utenti abilitati"
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr "Lista separata da virgola degli utenti non abilitati"
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr "Shell predefinita, /bin/bash"
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr "Base delle home directory"
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr "Il nome della libreria NSS da usare"
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr "Stack PAM da usare"
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr "Esegui come demone (default)"
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr "Esegui interattivamente (non come demone)"
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr "Specificare un file di configurazione specifico"
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr "Livello debug"
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr "Includi timestamp di debug"
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr "Un descrittore di file aperto per l'output di debug"
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr "Dominio del provider di informazioni (obbligatorio)"
@@ -921,95 +980,96 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr "Le password non coincidono"
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr "Autenticato con le credenziali nella cache"
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr ", la password in cache scadrà il: "
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr "La password è scaduta. Hai ancora a disposizione %d login di cortesia."
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr "La password scadrà tra %d %s"
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr "L'autenticazione verrà negata fino al: "
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "Il sistema è offline, non è possibile richiedere un cambio password"
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Cambio password fallito."
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Messaggio del server:"
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr "Nuova password: "
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr "Conferma nuova password: "
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr "Password: "
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr "Password corrente: "
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr "Password scaduta. Cambiare la password ora."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr "Il livello di debug da utilizzare"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr "Errore di impostazione del locale\n"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
msgstr ""
@@ -1017,35 +1077,43 @@ msgstr ""
msgid "User not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
msgstr ""
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr ""
+
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
msgstr "L'UID dell'utente"
@@ -1443,44 +1511,87 @@ msgstr "Impossibile modificare l'utente - utente già membro di gruppi?\n"
msgid "Transaction error. Could not modify user.\n"
msgstr "Errore nella transazione. Impossibile modificare l'utente.\n"
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
#, c-format
msgid "Couldn't invalidate %s"
msgstr ""
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:194
#, c-format
msgid "Couldn't invalidate %s %s"
msgstr ""
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:335
+msgid "Invalidate particular service"
+msgstr ""
+
+#: src/tools/sss_cache.c:337
+msgid "Invalidate all services"
+msgstr ""
+
+#: src/tools/sss_cache.c:340
+msgid "Invalidate particular autofs map"
+msgstr ""
+
+#: src/tools/sss_cache.c:342
+msgid "Invalidate all autofs maps"
+msgstr ""
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
msgstr ""
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
#: src/tools/sss_debuglevel.c:43
msgid "\n"
msgstr ""
@@ -1498,6 +1609,6 @@ msgstr "Memoria esaurita\n"
msgid "%s must be run as root\n"
msgstr "%s deve essere eseguito come root\n"
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr "Redirigere l'output di debug su file anzichè stderr"
diff --git a/po/ja.po b/po/ja.po
index 4cdc38b3f..65c795c7c 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -8,8 +8,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
-"PO-Revision-Date: 2012-03-08 11:41+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-04-23 00:36+0000\n"
"Last-Translator: Tomoyuki KATO <tomo@dream.daynight.jp>\n"
"Language-Team: Japanese <trans-ja@lists.fedoraproject.org>\n"
"Language: ja\n"
@@ -39,38 +39,43 @@ msgid "Ping timeout before restarting service"
msgstr "サービス再起動前の Ping タイムアウト"
#: src/config/SSSDConfig.py:44
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
+msgstr ""
+
+#: src/config/SSSDConfig.py:45
msgid "Command to start service"
msgstr "サービス開始のコマンド"
-#: src/config/SSSDConfig.py:45
+#: src/config/SSSDConfig.py:46
msgid "Number of times to attempt connection to Data Providers"
msgstr "データプロバイダーの接続を試行する回数"
-#: src/config/SSSDConfig.py:46
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr "開始する SSSD サービス"
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr "開始する SSSD ドメイン"
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr "SBUS 経由のメッセージ送信のタイムアウト"
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr "ユーザー名とドメインを構文解析する正規表現"
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "完全修飾名を表示するための printf 互換の形式"
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -78,48 +83,54 @@ msgstr ""
"SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレ"
"クトリです。"
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr "列挙キャッシュのタイムアウト(秒)"
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr "エントリーキャッシュのバックグラウンド更新のタイムアウト時間(秒)"
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr "ネガティブキャッシュのタイムアウト(秒)"
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr "SSSD が明示的に無視するユーザー"
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr "SSSD が明示的に無視するグループ"
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr "フィルターされたユーザーをグループに表示する"
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr "NSS プロバイダーが返すパスワード項目の値"
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr "識別プロバイダーからのホームディレクトリーの値をこの値で上書きする"
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+#, fuzzy
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr "識別プロバイダーからのホームディレクトリーの値をこの値で上書きする"
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr "ユーザーがログインを許可されるシェルの一覧"
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr "拒否されてフォールバックシェルで置き換えられるシェルの一覧"
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -128,341 +139,349 @@ msgstr ""
"フォールバックを使用する"
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr "オンラインログイン中にキャッシュによるログインが許容される期間(日数)"
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr "オフラインのときに許容されるログイン試行失敗回数"
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr "offline_failed_login_attempts に達した後にログインを拒否する時間(分)"
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr "認証中にユーザーに表示されるメッセージの種類"
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr "PAM 要求に対してキャッシュされた認証情報を保持する秒数"
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr "警告が表示されるパスワード失効前の日数"
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr "sudo ルールにおいて時間による属性を評価するかどうか"
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr "再びプロバイダーに問い合わせる前に sudo ルールをキャッシュする秒数"
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr "アイデンティティプロバイダー"
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr "認証プロバイダー"
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr "アクセス制御プロバイダー"
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr "パスワード変更プロバイダー"
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
msgstr "SUDO プロバイダー"
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
msgstr "Autofs プロバイダー"
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
msgstr "セッション読み込みプロバイダー"
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
msgstr "ホスト識別プロバイダー"
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr "最小ユーザー ID"
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr "最大ユーザー ID"
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr "すべてのユーザー・グループの列挙を有効にする"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr "オフラインログインのためにクレディンシャルをキャッシュする"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr "パスワードハッシュを保存する"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr "ユーザー・グループを完全修飾形式で表示する"
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr "エントリーキャッシュのタイムアウト長(秒)"
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr "DNS 検索を実行するときに特定のアドレスファミリーを制限または優先します"
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr "最終ログイン成功時からキャッシュエントリーを保持する日数"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr "サーバーを名前解決するときに DNS から応答を待つ時間(秒)"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr "サービス検索 DNS クエリーのドメイン部分"
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr "識別プロバイダーからの GID 値をこの値で上書きする"
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
msgstr "ユーザー名が大文字小文字を区別するよう取り扱う"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr "IPA ドメイン"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr "IPA サーバーのアドレス"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr "IPA クライアントのホスト名"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr "FreeIPA にあるクライアントの DNS エントリーを自動的に更新するかどうか"
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr "動的 DNS 更新のために使用される IP のインターフェース"
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr "HBAC 関連オブジェクトの検索ベース"
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr "IPA サーバーに対する HBAC ルールを検索している間の合計時間"
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr "DENY ルールが存在すると、DENY_ALL または IGNORE です"
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
msgstr "もし偽に設定されていると、 PAM により渡されたホスト引数は無視されます"
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr "この IPA クライアントが使用している automounter の場所"
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr "Kerberos サーバーのアドレス"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr "Kerberos レルム"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr "認証のタイムアウト"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr "クレディンシャルのキャッシュを保存するディレクトリー"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr "ユーザーのクレディンシャルキャッシュの位置"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr "クレディンシャルを検証するキーテーブルの場所"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr "クレディンシャルの検証を有効にする"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr "後からオンライン認証するためにオフラインの場合にパスワードを保存します"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr "更新可能な TGT の有効期間"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr "TGT の有効期間"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr "更新を確認する間隔"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr "FAST を有効にする"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
msgstr "FAST に使用するプリンシパルを選択する"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
msgstr "プリンシパル正規化を有効にする"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr "KDC になければ、パスワード変更サービスが実行されているサーバー"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, LDAP サーバーの URI"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr "デフォルトのベース DN"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "LDAP サーバーにおいて使用中のスキーマ形式, rfc2307"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr "デフォルトのバインド DN"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr "デフォルトのバインド DN の認証トークンの種類"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr "デフォルトのバインド DN の認証トークン"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr "接続を試行する時間"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "LDAP 同期操作を試行する時間"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr "オフラインの間に再接続を試行する時間"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr "レルム名に対して大文字のみを使用する"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr "CA 証明書を含むファイル"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr "CA 証明書のディレクトリーのパス"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr "クライアント証明書を含むファイル"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr "クライアントの鍵を含むファイル"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr "利用可能な暗号の一覧"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr "TLS 証明書の検証を要求する"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr "使用する SASL メカニズムを指定する"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr "使用する SASL 認可 ID を指定する"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr "使用する SASL 認可レルムを指定する"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "LDAP SASL 認可の最小 SSF を指定する"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr "Kerberos サービスのキーテーブル"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr "LDAP 接続に対して Kerberos 認証を使用する"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr "LDAP リフェラルにしたがう"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr "LDAP 接続の TGT の有効期間"
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr "エイリアスを参照解決する方法"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr "DNS サービス検索のサービス名"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr "単一の LDAP 問い合わせにおいて取得するレコード数"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr "完全な参照解決を引き起こすために欠けている必要があるメンバーの数"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -470,426 +489,467 @@ msgstr ""
"LDAP ライブラリーが SASL バインド中にホスト名を正規化するために逆引きを実行す"
"るかどうか"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr "entryUSN 属性"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr "lastUSN 属性"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr "LDAP サーバーを切断する前に接続を保持する時間"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
msgstr "LDAP ページング制御を無効化する"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr "検索要求を待つ時間"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr "列挙の要求を待つ時間"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr "列挙の更新間隔"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr "キャッシュをクリーンアップする間隔"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr "ID 検索に TLS を要求する"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr "ユーザー検索のベース DN"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr "ユーザー検索の範囲"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr "ユーザー検索のフィルター"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr "ユーザーのオブジェクトクラス"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr "ユーザー名の属性"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr "UID の属性"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr "プライマリー GID の属性"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr "GECOS の属性"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr "ホームディレクトリの属性"
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr "シェルの属性"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr "UUID の属性"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+#, fuzzy
+msgid "objectSID attribute"
+msgstr "UID の属性"
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr "ユーザープリンシパルの属性(Kerberos 用)"
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr "氏名"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr "memberOf 属性"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr "変更日時の属性"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr "shadowLastChange 属性"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr "shadowMin 属性"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr "shadowMax 属性"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr "shadowWarning 属性"
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr "shadowInactive 属性"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr "shadowExpire 属性"
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr "shadowFlag 属性"
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr "認可された PAM サービスを一覧化する属性"
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr "認可されたサーバーホストを一覧化する属性"
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr "krbLastPwdChange 属性"
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr "krbPasswordExpiration 属性"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr "サーバー側パスワードポリシーが有効であることを意味する属性"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr "AD の accountExpires 属性"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr "AD の userAccountControl 属性"
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr "nsAccountLock 属性"
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr "NDS の loginDisabled 属性"
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr "NDS の loginExpirationTime 属性"
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "NDS の loginAllowedTimeMap 属性"
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
msgstr "SSH 公開鍵の属性"
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr "グループ検索のベース DN"
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr "グループのオブジェクトクラス"
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr "グループ名"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr "グループのパスワード"
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr "GID 属性"
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr "グループメンバー属性"
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr "グループ UUID 属性"
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr "グループの変更日時の属性"
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr "SSSd がしたがう最大入れ子レベル"
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr "ネットグループ検索のベース DN"
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr "ネットグループのオブジェクトクラス"
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr "ネットグループ名"
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr "ネットグループメンバーの属性"
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr "ネットグループの三つ組の属性"
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr "ネットグループ UUID の属性"
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr "ネットグループの変更日時の属性"
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
msgstr "サービス検索のベース DN"
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
msgstr "サービスのオブジェクトクラス"
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
msgstr "サービス名の属性"
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
msgstr "サービスポートの属性"
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
msgstr "サービスプロトコルの属性"
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr "パスワード失効の評価のポリシー"
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr "アクセス権限を決めるための LDAP フィルター"
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr "どの属性がアカウントが失効しているかを評価するために使用されるか"
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr "どのルールがアクセス制御を評価するために使用されるか"
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr "パスワードの変更が許可される LDAP サーバーの URI"
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr "LDAP パスワードの変更サーバーの DNS サービス名"
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
msgstr "sudo ルール検索のベース DN"
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
msgstr "すべての sudo ルールの定期更新を有効にする"
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
msgstr "ルールの更新間隔"
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
msgstr "sudo ルールのオブジェクトクラス"
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
msgstr "sudo ルール名"
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
msgstr "sudo ルールのコマンドの属性"
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
msgstr "sudo ルールのホストの属性"
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
msgstr "sudo ルールのユーザーの属性"
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
msgstr "sudo ルールのオプションの属性"
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
msgstr "sudo ルールの runasuser の属性"
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
msgstr "sudo ルールの runasgroup の属性"
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
msgstr "sudo ルールの notbefore の属性"
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
msgstr "sudo ルールの notafter の属性"
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
msgstr "sudo ルールの order の属性"
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
msgstr "automounter マップのオブジェクトクラス"
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
msgstr "オートマウントのマップ名の属性"
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
msgstr "automounter マップエントリーのオブジェクトクラス"
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
msgstr "automounter マップエントリーのキー属性"
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
msgstr "automounter マップエントリーの値属性"
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
msgstr "automonter のマップ検索のベース DN"
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr "許可ユーザーのカンマ区切り一覧"
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr "禁止ユーザーのカンマ区切り一覧"
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr "デフォルトのシェル, /bin/bash"
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr "ホームディレクトリーのベース"
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr "使用する NSS ライブラリーの名前"
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr "可能ならばキャッシュから正規化されたグループ名を検索するかどうか"
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr "使用する PAM スタック"
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr "デーモンとして実行(デフォルト)"
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr "対話的に実行(デーモンではない)"
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr "非標準の設定ファイルの指定"
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
msgstr "バージョン番号を表示して終了する"
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr "デバッグレベル"
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr "デバッグのタイムスタンプを追加する"
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
msgstr "タイムスタンプをミリ秒単位で表示する"
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr "デバッグログのオープンファイルディスクリプター"
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr "情報プロバイダーのドメイン (必須)"
@@ -917,96 +977,97 @@ msgstr "エラーが発生しましたが、説明がありませんでした。
msgid "Unexpected error while looking for an error description"
msgstr "エラーの説明を検索中に予期しないエラーが発生しました"
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr "パスワードが一致しません"
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr "root によるパスワードのリセットはサポートされません。"
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr "キャッシュされているクレディンシャルを用いて認証されました"
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr "、キャッシュされたパスワードが失効します: "
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr ""
"パスワードの期限が切れました。%d 回の穏やかなログインが残されています。"
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr "あなたのパスワードは %d %s に期限が切れます。"
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr "次まで認証が拒否されます: "
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "システムがオフラインです、パスワード変更ができません"
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "パスワードの変更に失敗しました。 "
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "サーバーのメッセージ: "
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr "新しいパスワード: "
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr "新しいパスワードの再入力: "
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr "パスワード: "
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr "現在のパスワード: "
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr "パスワードの期限が切れました。いますぐパスワードを変更してください。"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr "実行するデバッグレベル"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
msgstr "使用する SSSD ドメイン"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr "ロケールの設定中にエラーが発生しました\n"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
msgstr "十分なメモリーがありません\n"
@@ -1014,35 +1075,43 @@ msgstr "十分なメモリーがありません\n"
msgid "User not specified\n"
msgstr "ユーザーが指定されていません\n"
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
msgstr "公開鍵の検索中にエラーが発生しました\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
msgstr "ソケットのオープンに失敗しました\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
msgstr "サーバーへの接続に失敗しました\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
msgstr "プロキシーコマンドの実行に失敗しました\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
msgstr "ホストへの接続に使用するポート"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
msgstr "ホストが指定されていません\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
msgstr "プロキシーコマンドへのパスは絶対パスにする必要があります\n"
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr "ホスト名が解決できません\n"
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr "逆引きに失敗しました\n"
+
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
msgstr "ユーザーの UID"
@@ -1441,44 +1510,91 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "トランザクションエラー。ユーザーを変更できませんでした。\n"
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
#, c-format
msgid "Couldn't invalidate %s"
msgstr "%s を無効化できませんでした"
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:194
#, c-format
msgid "Couldn't invalidate %s %s"
msgstr "%s %s を無効化できませんでした"
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
msgstr "特定のユーザーを無効にする"
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
msgstr "すべてのユーザーを無効にする"
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
msgstr "特定のグループを無効にする"
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
msgstr "すべてのグループを無効にする"
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
msgstr "特定のネットワークグループを無効にする"
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
msgstr "すべてのネットワークグループを無効にする"
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:335
+#, fuzzy
+msgid "Invalidate particular service"
+msgstr "特定のユーザーを無効にする"
+
+#: src/tools/sss_cache.c:337
+#, fuzzy
+msgid "Invalidate all services"
+msgstr "すべてのユーザーを無効にする"
+
+#: src/tools/sss_cache.c:340
+#, fuzzy
+msgid "Invalidate particular autofs map"
+msgstr "特定のユーザーを無効にする"
+
+#: src/tools/sss_cache.c:342
+#, fuzzy
+msgid "Invalidate all autofs maps"
+msgstr "すべてのユーザーを無効にする"
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
msgstr "特定のドメインのみからエントリーを無効にする"
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
#: src/tools/sss_debuglevel.c:43
msgid "\n"
msgstr "\n"
@@ -1496,6 +1612,6 @@ msgstr "メモリー不足\n"
msgid "%s must be run as root\n"
msgstr "%s は root として実行する必要があります\n"
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr "デバッグ出力を標準エラーの代わりにファイルに送信する"
diff --git a/po/nb.po b/po/nb.po
new file mode 100644
index 000000000..dfc90ff22
--- /dev/null
+++ b/po/nb.po
@@ -0,0 +1,1577 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR Red Hat, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+#
+# Translators:
+# Kjartan Maraas <kmaraas@gnome.org>, 2012.
+msgid ""
+msgstr ""
+"Project-Id-Version: SSSD\n"
+"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-04-25 18:21+0000\n"
+"Last-Translator: Kjartan Maraas <kmaraas@gnome.org>\n"
+"Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
+"Language: nb\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+
+#: src/config/SSSDConfig.py:39
+msgid "Set the verbosity of the debug logging"
+msgstr ""
+
+#: src/config/SSSDConfig.py:40
+msgid "Include timestamps in debug logs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:41
+msgid "Include microseconds in timestamps in debug logs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:42
+msgid "Write debug messages to logfiles"
+msgstr ""
+
+#: src/config/SSSDConfig.py:43
+msgid "Ping timeout before restarting service"
+msgstr ""
+
+#: src/config/SSSDConfig.py:44
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
+msgstr ""
+
+#: src/config/SSSDConfig.py:45
+msgid "Command to start service"
+msgstr ""
+
+#: src/config/SSSDConfig.py:46
+msgid "Number of times to attempt connection to Data Providers"
+msgstr ""
+
+#: src/config/SSSDConfig.py:47
+msgid "The number of file descriptors that may be opened by this responder"
+msgstr ""
+
+#: src/config/SSSDConfig.py:50
+msgid "SSSD Services to start"
+msgstr "SSSD-tjenester som skal startes"
+
+#: src/config/SSSDConfig.py:51
+msgid "SSSD Domains to start"
+msgstr "SSSD-domener som skal startes"
+
+#: src/config/SSSDConfig.py:52
+msgid "Timeout for messages sent over the SBUS"
+msgstr "Tidsavbrudd for meldinger som sendes over SBUS"
+
+#: src/config/SSSDConfig.py:53
+msgid "Regex to parse username and domain"
+msgstr ""
+
+#: src/config/SSSDConfig.py:54
+msgid "Printf-compatible format for displaying fully-qualified names"
+msgstr ""
+
+#: src/config/SSSDConfig.py:55
+msgid ""
+"Directory on the filesystem where SSSD should store Kerberos replay cache "
+"files."
+msgstr ""
+
+#: src/config/SSSDConfig.py:58
+msgid "Enumeration cache timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig.py:59
+msgid "Entry cache background update timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
+msgid "Negative cache timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig.py:61
+msgid "Users that SSSD should explicitly ignore"
+msgstr ""
+
+#: src/config/SSSDConfig.py:62
+msgid "Groups that SSSD should explicitly ignore"
+msgstr ""
+
+#: src/config/SSSDConfig.py:63
+msgid "Should filtered users appear in groups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:64
+msgid "The value of the password field the NSS provider should return"
+msgstr ""
+
+#: src/config/SSSDConfig.py:65
+msgid "Override homedir value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig.py:66
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig.py:67
+msgid "The list of shells users are allowed to log in with"
+msgstr ""
+
+#: src/config/SSSDConfig.py:68
+msgid ""
+"The list of shells that will be vetoed, and replaced with the fallback shell"
+msgstr ""
+
+#: src/config/SSSDConfig.py:69
+msgid ""
+"If a shell stored in central directory is allowed but not available, use "
+"this fallback"
+msgstr ""
+
+#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
+msgid "How long to allow cached logins between online logins (days)"
+msgstr ""
+
+#: src/config/SSSDConfig.py:74
+msgid "How many failed logins attempts are allowed when offline"
+msgstr ""
+
+#: src/config/SSSDConfig.py:75
+msgid ""
+"How long (minutes) to deny login after offline_failed_login_attempts has "
+"been reached"
+msgstr ""
+
+#: src/config/SSSDConfig.py:76
+msgid "What kind of messages are displayed to the user during authentication"
+msgstr ""
+
+#: src/config/SSSDConfig.py:77
+msgid "How many seconds to keep identity information cached for PAM requests"
+msgstr ""
+
+#: src/config/SSSDConfig.py:78
+msgid "How many days before password expiration a warning should be displayed"
+msgstr ""
+
+#: src/config/SSSDConfig.py:81
+msgid "Whether to evaluate the time-based attributes in sudo rules"
+msgstr ""
+
+#: src/config/SSSDConfig.py:82
+msgid ""
+"How many seconds to keep sudorules cached before asking the provider again"
+msgstr ""
+
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
+msgid "Identity provider"
+msgstr "Identitetstilbyder"
+
+#: src/config/SSSDConfig.py:92
+msgid "Authentication provider"
+msgstr "Autentiseringstilbyder"
+
+#: src/config/SSSDConfig.py:93
+msgid "Access control provider"
+msgstr "Tilgangskontrolltilbyder"
+
+#: src/config/SSSDConfig.py:94
+msgid "Password change provider"
+msgstr "Passordbyttetilbyder"
+
+#: src/config/SSSDConfig.py:95
+msgid "SUDO provider"
+msgstr ""
+
+#: src/config/SSSDConfig.py:96
+msgid "Autofs provider"
+msgstr ""
+
+#: src/config/SSSDConfig.py:97
+msgid "Session-loading provider"
+msgstr ""
+
+#: src/config/SSSDConfig.py:98
+msgid "Host identity provider"
+msgstr ""
+
+#: src/config/SSSDConfig.py:101
+msgid "Minimum user ID"
+msgstr "Minste bruker-ID"
+
+#: src/config/SSSDConfig.py:102
+msgid "Maximum user ID"
+msgstr "Største bruker-ID"
+
+#: src/config/SSSDConfig.py:103
+msgid "Enable enumerating all users/groups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
+msgid "Cache credentials for offline login"
+msgstr ""
+
+#: src/config/SSSDConfig.py:105
+msgid "Store password hashes"
+msgstr ""
+
+#: src/config/SSSDConfig.py:106
+msgid "Display users/groups in fully-qualified form"
+msgstr ""
+
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
+msgid "Entry cache timeout length (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig.py:108
+msgid ""
+"Restrict or prefer a specific address family when performing DNS lookups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109
+msgid "How long to keep cached entries after last successful login (days)"
+msgstr ""
+
+#: src/config/SSSDConfig.py:110
+msgid "How long to wait for replies from DNS when resolving servers (seconds)"
+msgstr ""
+
+#: src/config/SSSDConfig.py:111
+msgid "The domain part of service discovery DNS query"
+msgstr ""
+
+#: src/config/SSSDConfig.py:112
+msgid "Override GID value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig.py:113
+msgid "Treat usernames as case sensitive"
+msgstr ""
+
+#: src/config/SSSDConfig.py:121
+msgid "IPA domain"
+msgstr "IPA-domene"
+
+#: src/config/SSSDConfig.py:122
+msgid "IPA server address"
+msgstr "IPA-tjeneradresse"
+
+#: src/config/SSSDConfig.py:123
+msgid "IPA client hostname"
+msgstr "Vertsnavn for IPA-klient"
+
+#: src/config/SSSDConfig.py:124
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgstr ""
+
+#: src/config/SSSDConfig.py:125
+msgid "The interface whose IP should be used for dynamic DNS updates"
+msgstr ""
+
+#: src/config/SSSDConfig.py:126
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:127
+msgid ""
+"The amount of time between lookups of the HBAC rules against the IPA server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:128
+msgid "If DENY rules are present, either DENY_ALL or IGNORE"
+msgstr ""
+
+#: src/config/SSSDConfig.py:129
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:130
+msgid "The automounter location this IPA client is using"
+msgstr ""
+
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
+msgid "Kerberos server address"
+msgstr "Tjeneradresse for Kerberos"
+
+#: src/config/SSSDConfig.py:135
+msgid "Kerberos realm"
+msgstr "Kerberos-område"
+
+#: src/config/SSSDConfig.py:136
+msgid "Authentication timeout"
+msgstr "Tidsavbrudd for autentisering"
+
+#: src/config/SSSDConfig.py:139
+msgid "Directory to store credential caches"
+msgstr ""
+
+#: src/config/SSSDConfig.py:140
+msgid "Location of the user's credential cache"
+msgstr ""
+
+#: src/config/SSSDConfig.py:141
+msgid "Location of the keytab to validate credentials"
+msgstr ""
+
+#: src/config/SSSDConfig.py:142
+msgid "Enable credential validation"
+msgstr ""
+
+#: src/config/SSSDConfig.py:143
+msgid "Store password if offline for later online authentication"
+msgstr ""
+
+#: src/config/SSSDConfig.py:144
+msgid "Renewable lifetime of the TGT"
+msgstr ""
+
+#: src/config/SSSDConfig.py:145
+msgid "Lifetime of the TGT"
+msgstr ""
+
+#: src/config/SSSDConfig.py:146
+msgid "Time between two checks for renewal"
+msgstr ""
+
+#: src/config/SSSDConfig.py:147
+msgid "Enables FAST"
+msgstr ""
+
+#: src/config/SSSDConfig.py:148
+msgid "Selects the principal to use for FAST"
+msgstr ""
+
+#: src/config/SSSDConfig.py:149
+msgid "Enables principal canonicalization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:152
+msgid "Server where the change password service is running if not on the KDC"
+msgstr ""
+
+#: src/config/SSSDConfig.py:155
+msgid "ldap_uri, The URI of the LDAP server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:156
+msgid "The default base DN"
+msgstr ""
+
+#: src/config/SSSDConfig.py:157
+msgid "The Schema Type in use on the LDAP server, rfc2307"
+msgstr ""
+
+#: src/config/SSSDConfig.py:158
+msgid "The default bind DN"
+msgstr ""
+
+#: src/config/SSSDConfig.py:159
+msgid "The type of the authentication token of the default bind DN"
+msgstr ""
+
+#: src/config/SSSDConfig.py:160
+msgid "The authentication token of the default bind DN"
+msgstr ""
+
+#: src/config/SSSDConfig.py:161
+msgid "Length of time to attempt connection"
+msgstr ""
+
+#: src/config/SSSDConfig.py:162
+msgid "Length of time to attempt synchronous LDAP operations"
+msgstr ""
+
+#: src/config/SSSDConfig.py:163
+msgid "Length of time between attempts to reconnect while offline"
+msgstr ""
+
+#: src/config/SSSDConfig.py:164
+msgid "Use only the upper case for realm names"
+msgstr ""
+
+#: src/config/SSSDConfig.py:165
+msgid "File that contains CA certificates"
+msgstr ""
+
+#: src/config/SSSDConfig.py:166
+msgid "Path to CA certificate directory"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
+msgid "File that contains the client certificate"
+msgstr ""
+
+#: src/config/SSSDConfig.py:168
+msgid "File that contains the client key"
+msgstr ""
+
+#: src/config/SSSDConfig.py:169
+msgid "List of possible ciphers suites"
+msgstr ""
+
+#: src/config/SSSDConfig.py:170
+msgid "Require TLS certificate verification"
+msgstr ""
+
+#: src/config/SSSDConfig.py:171
+msgid "Specify the sasl mechanism to use"
+msgstr ""
+
+#: src/config/SSSDConfig.py:172
+msgid "Specify the sasl authorization id to use"
+msgstr ""
+
+#: src/config/SSSDConfig.py:173
+msgid "Specify the sasl authorization realm to use"
+msgstr ""
+
+#: src/config/SSSDConfig.py:174
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:175
+msgid "Kerberos service keytab"
+msgstr ""
+
+#: src/config/SSSDConfig.py:176
+msgid "Use Kerberos auth for LDAP connection"
+msgstr ""
+
+#: src/config/SSSDConfig.py:177
+msgid "Follow LDAP referrals"
+msgstr ""
+
+#: src/config/SSSDConfig.py:178
+msgid "Lifetime of TGT for LDAP connection"
+msgstr ""
+
+#: src/config/SSSDConfig.py:179
+msgid "How to dereference aliases"
+msgstr ""
+
+#: src/config/SSSDConfig.py:180
+msgid "Service name for DNS service lookups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:181
+msgid "The number of records to retrieve in a single LDAP query"
+msgstr ""
+
+#: src/config/SSSDConfig.py:182
+msgid "The number of members that must be missing to trigger a full deref"
+msgstr ""
+
+#: src/config/SSSDConfig.py:183
+msgid ""
+"Whether the LDAP library should perform a reverse lookup to canonicalize the "
+"host name during a SASL bind"
+msgstr ""
+
+#: src/config/SSSDConfig.py:185
+msgid "entryUSN attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:186
+msgid "lastUSN attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:188
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:190
+msgid "Disable the LDAP paging control"
+msgstr ""
+
+#: src/config/SSSDConfig.py:193
+msgid "Length of time to wait for a search request"
+msgstr ""
+
+#: src/config/SSSDConfig.py:194
+msgid "Length of time to wait for a enumeration request"
+msgstr ""
+
+#: src/config/SSSDConfig.py:195
+msgid "Length of time between enumeration updates"
+msgstr ""
+
+#: src/config/SSSDConfig.py:196
+msgid "Length of time between cache cleanups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:197
+msgid "Require TLS for ID lookups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
+msgid "Base DN for user lookups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:200
+msgid "Scope of user lookups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:201
+msgid "Filter for user lookups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:202
+msgid "Objectclass for users"
+msgstr ""
+
+#: src/config/SSSDConfig.py:203
+msgid "Username attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:205
+msgid "UID attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:206
+msgid "Primary GID attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:207
+msgid "GECOS attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:208
+msgid "Home directory attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:209
+msgid "Shell attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:210
+msgid "UUID attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+msgid "objectSID attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
+msgid "User principal attribute (for Kerberos)"
+msgstr ""
+
+#: src/config/SSSDConfig.py:214
+msgid "Full Name"
+msgstr ""
+
+#: src/config/SSSDConfig.py:215
+msgid "memberOf attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:216
+msgid "Modification time attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:218
+msgid "shadowLastChange attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:219
+msgid "shadowMin attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:220
+msgid "shadowMax attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:221
+msgid "shadowWarning attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:222
+msgid "shadowInactive attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:223
+msgid "shadowExpire attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:224
+msgid "shadowFlag attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:225
+msgid "Attribute listing authorized PAM services"
+msgstr ""
+
+#: src/config/SSSDConfig.py:226
+msgid "Attribute listing authorized server hosts"
+msgstr ""
+
+#: src/config/SSSDConfig.py:227
+msgid "krbLastPwdChange attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:228
+msgid "krbPasswordExpiration attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:229
+msgid "Attribute indicating that server side password policies are active"
+msgstr ""
+
+#: src/config/SSSDConfig.py:230
+msgid "accountExpires attribute of AD"
+msgstr ""
+
+#: src/config/SSSDConfig.py:231
+msgid "userAccountControl attribute of AD"
+msgstr ""
+
+#: src/config/SSSDConfig.py:232
+msgid "nsAccountLock attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:233
+msgid "loginDisabled attribute of NDS"
+msgstr ""
+
+#: src/config/SSSDConfig.py:234
+msgid "loginExpirationTime attribute of NDS"
+msgstr ""
+
+#: src/config/SSSDConfig.py:235
+msgid "loginAllowedTimeMap attribute of NDS"
+msgstr ""
+
+#: src/config/SSSDConfig.py:236
+msgid "SSH public key attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:238
+msgid "Base DN for group lookups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:241
+msgid "Objectclass for groups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:242
+msgid "Group name"
+msgstr ""
+
+#: src/config/SSSDConfig.py:243
+msgid "Group password"
+msgstr ""
+
+#: src/config/SSSDConfig.py:244
+msgid "GID attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:245
+msgid "Group member attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:246
+msgid "Group UUID attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:248
+msgid "Modification time attribute for groups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:250
+msgid "Maximum nesting level SSSd will follow"
+msgstr ""
+
+#: src/config/SSSDConfig.py:252
+msgid "Base DN for netgroup lookups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:253
+msgid "Objectclass for netgroups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:254
+msgid "Netgroup name"
+msgstr ""
+
+#: src/config/SSSDConfig.py:255
+msgid "Netgroups members attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:256
+msgid "Netgroup triple attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:257
+msgid "Netgroup UUID attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:258
+msgid "Modification time attribute for netgroups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:260
+msgid "Base DN for service lookups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:261
+msgid "Objectclass for services"
+msgstr ""
+
+#: src/config/SSSDConfig.py:262
+msgid "Service name attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:263
+msgid "Service port attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:264
+msgid "Service protocol attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
+msgid "Policy to evaluate the password expiration"
+msgstr ""
+
+#: src/config/SSSDConfig.py:278
+msgid "LDAP filter to determine access privileges"
+msgstr ""
+
+#: src/config/SSSDConfig.py:279
+msgid "Which attributes shall be used to evaluate if an account is expired"
+msgstr ""
+
+#: src/config/SSSDConfig.py:280
+msgid "Which rules should be used to evaluate access control"
+msgstr ""
+
+#: src/config/SSSDConfig.py:283
+msgid "URI of an LDAP server where password changes are allowed"
+msgstr ""
+
+#: src/config/SSSDConfig.py:284
+msgid "DNS service name for LDAP password change server"
+msgstr ""
+
+#: src/config/SSSDConfig.py:287
+msgid "Base DN for sudo rules lookups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:288
+msgid "Enable periodical update of all sudo rules"
+msgstr ""
+
+#: src/config/SSSDConfig.py:289
+msgid "Length of time between rules updates"
+msgstr ""
+
+#: src/config/SSSDConfig.py:290
+msgid "Object class for sudo rules"
+msgstr ""
+
+#: src/config/SSSDConfig.py:291
+msgid "Sudo rule name"
+msgstr ""
+
+#: src/config/SSSDConfig.py:292
+msgid "Sudo rule command attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:293
+msgid "Sudo rule host attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:294
+msgid "Sudo rule user attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:295
+msgid "Sudo rule option attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:296
+msgid "Sudo rule runasuser attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:297
+msgid "Sudo rule runasgroup attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:298
+msgid "Sudo rule notbefore attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:299
+msgid "Sudo rule notafter attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:300
+msgid "Sudo rule order attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:303
+msgid "Object class for automounter maps"
+msgstr ""
+
+#: src/config/SSSDConfig.py:304
+msgid "Automounter map name attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:305
+msgid "Object class for automounter map entries"
+msgstr ""
+
+#: src/config/SSSDConfig.py:306
+msgid "Automounter map entry key attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:307
+msgid "Automounter map entry value attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:308
+msgid "Base DN for automounter map lookups"
+msgstr ""
+
+#: src/config/SSSDConfig.py:311
+msgid "Comma separated list of allowed users"
+msgstr ""
+
+#: src/config/SSSDConfig.py:312
+msgid "Comma separated list of prohibited users"
+msgstr ""
+
+#: src/config/SSSDConfig.py:315
+msgid "Default shell, /bin/bash"
+msgstr ""
+
+#: src/config/SSSDConfig.py:316
+msgid "Base for home directories"
+msgstr ""
+
+#: src/config/SSSDConfig.py:319
+msgid "The name of the NSS library to use"
+msgstr ""
+
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+
+#: src/config/SSSDConfig.py:323
+msgid "PAM stack to use"
+msgstr ""
+
+#: src/monitor/monitor.c:2398
+msgid "Become a daemon (default)"
+msgstr ""
+
+#: src/monitor/monitor.c:2400
+msgid "Run interactive (not a daemon)"
+msgstr ""
+
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
+msgid "Specify a non-default config file"
+msgstr ""
+
+#: src/monitor/monitor.c:2404
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
+msgid "Debug level"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
+msgid "Add debug timestamps"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
+msgid "Show timestamps with microseconds"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
+msgid "An open file descriptor for the debug logs"
+msgstr ""
+
+#: src/providers/data_provider_be.c:2217
+msgid "Domain of the information provider (mandatory)"
+msgstr ""
+
+#: src/sss_client/common.c:878
+msgid "Privileged socket has wrong ownership or permissions."
+msgstr ""
+
+#: src/sss_client/common.c:881
+msgid "Public socket has wrong ownership or permissions."
+msgstr ""
+
+#: src/sss_client/common.c:884
+msgid "Unexpected format of the server credential message."
+msgstr ""
+
+#: src/sss_client/common.c:887
+msgid "SSSD is not run by root."
+msgstr ""
+
+#: src/sss_client/common.c:892
+msgid "An error occurred, but no description can be found."
+msgstr ""
+
+#: src/sss_client/common.c:898
+msgid "Unexpected error while looking for an error description"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:379
+msgid "Passwords do not match"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:567
+msgid "Password reset by root is not supported."
+msgstr ""
+
+#: src/sss_client/pam_sss.c:608
+msgid "Authenticated with cached credentials"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:609
+msgid ", your cached password will expire at: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:639
+#, c-format
+msgid "Your password has expired. You have %d grace login(s) remaining."
+msgstr ""
+
+#: src/sss_client/pam_sss.c:685
+#, c-format
+msgid "Your password will expire in %d %s."
+msgstr ""
+
+#: src/sss_client/pam_sss.c:734
+msgid "Authentication is denied until: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:755
+msgid "System is offline, password change not possible"
+msgstr ""
+
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
+msgid "Password change failed. "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
+msgid "Server message: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:1288
+msgid "New Password: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:1289
+msgid "Reenter new Password: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:1375
+msgid "Password: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:1407
+msgid "Current Password: "
+msgstr ""
+
+#: src/sss_client/pam_sss.c:1554
+msgid "Password expired. Change your password now."
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
+#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
+#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
+msgid "The debug level to run with"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
+msgid "The SSSD domain to use"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
+#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
+#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
+#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
+#: src/tools/sss_cache.c:352
+msgid "Error setting the locale\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
+msgid "Not enough memory\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:84
+msgid "User not specified\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
+msgid "Error looking up public keys\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
+msgid "Failed to open a socket\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
+msgid "Failed to connect to the server\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
+msgid "Failed to execute proxy command\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
+msgid "The port to use to connect to the host"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
+msgid "Host not specified\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
+msgid "The path to the proxy command must be absolute\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
+msgid "The UID of the user"
+msgstr ""
+
+#: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50
+msgid "The comment string"
+msgstr ""
+
+#: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51
+msgid "Home directory"
+msgstr ""
+
+#: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52
+msgid "Login shell"
+msgstr ""
+
+#: src/tools/sss_useradd.c:53
+msgid "Groups"
+msgstr ""
+
+#: src/tools/sss_useradd.c:54
+msgid "Create user's directory if it does not exist"
+msgstr ""
+
+#: src/tools/sss_useradd.c:55
+msgid "Never create user's directory, overrides config"
+msgstr ""
+
+#: src/tools/sss_useradd.c:56
+msgid "Specify an alternative skeleton directory"
+msgstr ""
+
+#: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57
+msgid "The SELinux user for user's login"
+msgstr ""
+
+#: src/tools/sss_useradd.c:84 src/tools/sss_groupmod.c:76
+#: src/tools/sss_usermod.c:85
+msgid "Specify group to add to\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:108
+msgid "Specify user to add\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:117 src/tools/sss_groupadd.c:82
+#: src/tools/sss_groupdel.c:77 src/tools/sss_groupmod.c:109
+#: src/tools/sss_groupshow.c:659 src/tools/sss_userdel.c:193
+#: src/tools/sss_usermod.c:126
+msgid "Error initializing the tools - no local domain\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84
+#: src/tools/sss_groupdel.c:79 src/tools/sss_groupmod.c:111
+#: src/tools/sss_groupshow.c:661 src/tools/sss_userdel.c:195
+#: src/tools/sss_usermod.c:128
+msgid "Error initializing the tools\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:128 src/tools/sss_groupadd.c:93
+#: src/tools/sss_groupdel.c:88 src/tools/sss_groupmod.c:119
+#: src/tools/sss_groupshow.c:670 src/tools/sss_userdel.c:204
+#: src/tools/sss_usermod.c:137
+msgid "Invalid domain specified in FQDN\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:137 src/tools/sss_groupmod.c:139
+#: src/tools/sss_groupmod.c:166 src/tools/sss_usermod.c:160
+#: src/tools/sss_usermod.c:187
+msgid "Internal error while parsing parameters\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:145 src/tools/sss_usermod.c:168
+#: src/tools/sss_usermod.c:195
+msgid "Groups must be in the same domain as user\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:153
+#, c-format
+msgid "Cannot find group %s in local domain\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:168 src/tools/sss_userdel.c:214
+msgid "Cannot set default values\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:175 src/tools/sss_usermod.c:151
+msgid "The selected UID is outside the allowed range\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:202 src/tools/sss_usermod.c:236
+msgid "Cannot set SELinux login context\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:217
+msgid "Cannot get info about the user\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:229
+msgid "User's home directory already exists, not copying data from skeldir\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:232
+#, c-format
+msgid "Cannot create user's home directory: %s\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:243
+#, c-format
+msgid "Cannot create user's mail spool: %s\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:255
+msgid "Could not allocate ID for the user - domain full?\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:259
+msgid "A user or group with the same name or ID already exists\n"
+msgstr ""
+
+#: src/tools/sss_useradd.c:265
+msgid "Transaction error. Could not add user.\n"
+msgstr ""
+
+#: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48
+msgid "The GID of the group"
+msgstr ""
+
+#: src/tools/sss_groupadd.c:73
+msgid "Specify group to add\n"
+msgstr ""
+
+#: src/tools/sss_groupadd.c:102 src/tools/sss_groupmod.c:190
+msgid "The selected GID is outside the allowed range\n"
+msgstr ""
+
+#: src/tools/sss_groupadd.c:127
+msgid "Could not allocate ID for the group - domain full?\n"
+msgstr ""
+
+#: src/tools/sss_groupadd.c:131
+msgid "A group with the same name or GID already exists\n"
+msgstr ""
+
+#: src/tools/sss_groupadd.c:136
+msgid "Transaction error. Could not add group.\n"
+msgstr ""
+
+#: src/tools/sss_groupdel.c:68
+msgid "Specify group to delete\n"
+msgstr ""
+
+#: src/tools/sss_groupdel.c:101
+#, c-format
+msgid "Group %s is outside the defined ID range for domain\n"
+msgstr ""
+
+#: src/tools/sss_groupdel.c:115
+msgid ""
+"No such group in local domain. Removing groups only allowed in local "
+"domain.\n"
+msgstr ""
+
+#: src/tools/sss_groupdel.c:120
+msgid "Internal error. Could not remove group.\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:44
+msgid "Groups to add this group to"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:46
+msgid "Groups to remove this group from"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:84 src/tools/sss_usermod.c:93
+msgid "Specify group to remove from\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:98
+msgid "Specify group to modify\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:126
+msgid ""
+"Cannot find group in local domain, modifying groups is allowed only in local "
+"domain\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:147 src/tools/sss_groupmod.c:174
+msgid "Member groups must be in the same domain as parent group\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:155 src/tools/sss_groupmod.c:182
+#: src/tools/sss_usermod.c:176 src/tools/sss_usermod.c:203
+#, c-format
+msgid ""
+"Cannot find group %s in local domain, only groups in local domain are "
+"allowed\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:216
+msgid "Could not modify group - check if member group names are correct\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:220
+msgid "Could not modify group - check if groupname is correct\n"
+msgstr ""
+
+#: src/tools/sss_groupmod.c:224
+msgid "Transaction error. Could not modify group.\n"
+msgstr ""
+
+#: src/tools/sss_groupshow.c:562
+#, c-format
+msgid "%s%sGroup: %s\n"
+msgstr ""
+
+#: src/tools/sss_groupshow.c:563
+msgid "Magic Private "
+msgstr ""
+
+#: src/tools/sss_groupshow.c:565
+#, c-format
+msgid "%sGID number: %d\n"
+msgstr ""
+
+#: src/tools/sss_groupshow.c:567
+#, c-format
+msgid "%sMember users: "
+msgstr ""
+
+#: src/tools/sss_groupshow.c:574
+#, c-format
+msgid ""
+"\n"
+"%sIs a member of: "
+msgstr ""
+
+#: src/tools/sss_groupshow.c:581
+#, c-format
+msgid ""
+"\n"
+"%sMember groups: "
+msgstr ""
+
+#: src/tools/sss_groupshow.c:617
+msgid "Print indirect group members recursively"
+msgstr ""
+
+#: src/tools/sss_groupshow.c:650
+msgid "Specify group to show\n"
+msgstr ""
+
+#: src/tools/sss_groupshow.c:689
+msgid ""
+"No such group in local domain. Printing groups only allowed in local "
+"domain.\n"
+msgstr ""
+
+#: src/tools/sss_groupshow.c:694
+msgid "Internal error. Could not print group.\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:133
+msgid "Remove home directory and mail spool"
+msgstr ""
+
+#: src/tools/sss_userdel.c:135
+msgid "Do not remove home directory and mail spool"
+msgstr ""
+
+#: src/tools/sss_userdel.c:137
+msgid "Force removal of files not owned by the user"
+msgstr ""
+
+#: src/tools/sss_userdel.c:139
+msgid "Kill users' processes before removing him"
+msgstr ""
+
+#: src/tools/sss_userdel.c:184
+msgid "Specify user to delete\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:230
+#, c-format
+msgid "User %s is outside the defined ID range for domain\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:255
+msgid "Cannot reset SELinux login context\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:267
+#, c-format
+msgid "WARNING: The user (uid %lu) was still logged in when deleted.\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:272
+msgid "Cannot determine if the user was logged in on this platform"
+msgstr ""
+
+#: src/tools/sss_userdel.c:277
+msgid "Error while checking if the user was logged in\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:284
+#, c-format
+msgid "The post-delete command failed: %s\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:296
+msgid "Not removing home dir - not owned by user\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:298
+#, c-format
+msgid "Cannot remove homedir: %s\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:309
+msgid ""
+"No such user in local domain. Removing users only allowed in local domain.\n"
+msgstr ""
+
+#: src/tools/sss_userdel.c:314
+msgid "Internal error. Could not remove user.\n"
+msgstr ""
+
+#: src/tools/sss_usermod.c:49
+msgid "The GID of the user"
+msgstr ""
+
+#: src/tools/sss_usermod.c:53
+msgid "Groups to add this user to"
+msgstr ""
+
+#: src/tools/sss_usermod.c:54
+msgid "Groups to remove this user from"
+msgstr ""
+
+#: src/tools/sss_usermod.c:55
+msgid "Lock the account"
+msgstr ""
+
+#: src/tools/sss_usermod.c:56
+msgid "Unlock the account"
+msgstr ""
+
+#: src/tools/sss_usermod.c:117
+msgid "Specify user to modify\n"
+msgstr ""
+
+#: src/tools/sss_usermod.c:144
+msgid ""
+"Cannot find user in local domain, modifying users is allowed only in local "
+"domain\n"
+msgstr ""
+
+#: src/tools/sss_usermod.c:246
+msgid "Could not modify user - check if group names are correct\n"
+msgstr ""
+
+#: src/tools/sss_usermod.c:250
+msgid "Could not modify user - user already member of groups?\n"
+msgstr ""
+
+#: src/tools/sss_usermod.c:254
+msgid "Transaction error. Could not modify user.\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
+#, c-format
+msgid "Couldn't invalidate %s"
+msgstr ""
+
+#: src/tools/sss_cache.c:194
+#, c-format
+msgid "Couldn't invalidate %s %s"
+msgstr ""
+
+#: src/tools/sss_cache.c:323
+msgid "Invalidate particular user"
+msgstr ""
+
+#: src/tools/sss_cache.c:325
+msgid "Invalidate all users"
+msgstr ""
+
+#: src/tools/sss_cache.c:327
+msgid "Invalidate particular group"
+msgstr ""
+
+#: src/tools/sss_cache.c:329
+msgid "Invalidate all groups"
+msgstr ""
+
+#: src/tools/sss_cache.c:331
+msgid "Invalidate particular netgroup"
+msgstr ""
+
+#: src/tools/sss_cache.c:333
+msgid "Invalidate all netgroups"
+msgstr ""
+
+#: src/tools/sss_cache.c:335
+msgid "Invalidate particular service"
+msgstr ""
+
+#: src/tools/sss_cache.c:337
+msgid "Invalidate all services"
+msgstr ""
+
+#: src/tools/sss_cache.c:340
+msgid "Invalidate particular autofs map"
+msgstr ""
+
+#: src/tools/sss_cache.c:342
+msgid "Invalidate all autofs maps"
+msgstr ""
+
+#: src/tools/sss_cache.c:345
+msgid "Only invalidate entries from a particular domain"
+msgstr ""
+
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
+#: src/tools/sss_debuglevel.c:43
+msgid "\n"
+msgstr ""
+
+#: src/tools/sss_debuglevel.c:102
+msgid "Specify debug level you want to set\n"
+msgstr ""
+
+#: src/tools/tools_util.c:280
+msgid "Out of memory\n"
+msgstr ""
+
+#: src/tools/tools_util.h:40
+#, c-format
+msgid "%s must be run as root\n"
+msgstr ""
+
+#: src/util/util.h:93
+msgid "Send the debug output to files instead of stderr"
+msgstr ""
diff --git a/po/nl.po b/po/nl.po
index 72fbcd6f5..4bde6a918 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -11,8 +11,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
-"PO-Revision-Date: 2012-03-08 11:41+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-04-20 16:09+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Dutch (http://www.transifex.net/projects/p/fedora/language/"
"nl/)\n"
@@ -43,38 +43,43 @@ msgid "Ping timeout before restarting service"
msgstr "Ping timeout voordat service herstart is"
#: src/config/SSSDConfig.py:44
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
+msgstr ""
+
+#: src/config/SSSDConfig.py:45
msgid "Command to start service"
msgstr "Commando om service te starten"
-#: src/config/SSSDConfig.py:45
+#: src/config/SSSDConfig.py:46
msgid "Number of times to attempt connection to Data Providers"
msgstr "Aantal pogingen naar de Data Providers te verbinden"
-#: src/config/SSSDConfig.py:46
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr "SSSD Services die gestart moeten worden"
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr "SSSD Domeinen die gestart moeten worden"
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr "Timeout voor berichten die over SBUS worden verzonden"
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr "Reguliere expressie om gebruikersnamen en domeinen te ontleden"
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Printf-compatibel formaat voor het tonen van namen in volledige vorm"
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -82,50 +87,57 @@ msgstr ""
"Map in het bestandssysteem waarin SSSD Kerberos replay cache bestanden moet "
"opslaan."
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr "Enumeratie cache timeout duur (in seconden)"
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr "Entry cache achtergrond update timeout duur (in seconden)"
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr "Negatieve cache timeout duur (in seconden)"
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr "Gebruikers die SSSD expliciet dient te negeren"
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr "Groepen die SSSD expliciet dient te negeren"
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr "Dienen gefilterde gebruikers zichtbaar te zijn in groepen"
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr "De waarde van het wachtwoordveld die de NSS aanbieder terug moet geven"
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr ""
"Overschrijf homedir waarde van de identiteit aanbieder met deze waarde "
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+#, fuzzy
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+"Overschrijf homedir waarde van de identiteit aanbieder met deze waarde "
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr "De lijst van shells waarmee ingelogd kan worden"
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
"De lijst van shells die verboden zijn, en vervangen door de fallback shell"
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -134,14 +146,18 @@ msgstr ""
"beschikbaar, gebruik dan deze"
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr "Hoe lang zijn cached logins toegestaan tussen online logins (in dagen)"
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr "Hoe veel mislukte inlogpogingen zijn toegestaan in offline-modus"
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -149,355 +165,359 @@ msgstr ""
"Hoe lang (in minuten) logins weigeren nadat offline_failed_login_attempts is "
"bereikt"
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
"Welke boodschappen worden aan de gebruiker getoond tijdens authenticatie"
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Hoeveel seconden moet de identiteit informatie in cache opgeslagen worden "
"voor PAN aanvragen"
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
"Hoeveel dagen voor het verlopen van het wachtwoord moet een waarschuwing "
"getoond worden"
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
"Of de tijd-gebaseerde attributen in sudo regels moeten worden geëvalueerd"
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr ""
"Hoeveel seconden sudoregels in de cache moeten worden gehouden voordat de "
"provider er opnieuw om wordt gevraagd"
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr "Identiteitaanbieder"
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr "Authentiecatieaanbieder"
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr "Toegangscontroleaanbieder"
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr "Wachtwoordwijzigingsaanbieder"
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
msgstr "SUDO provider"
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
msgstr "Autofs provider"
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
msgstr "Session-loading provider"
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
msgstr "Host identity provider"
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr "Minimum gebruiker ID"
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr "Maximum gebruiker ID"
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr "Schakel enumeratie van alle gebruikers/groepen"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr "Cache inloggegevens voor offline gebruik"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr "Sla vingerafdrukken van wachtwoorden op"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr "Laat gebruikers/groepen in volledige vorm zien"
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr "Entry cache timeout duur (in seconden)"
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Beperk of geef de voorkeur aan een specifieke adresfamilie wanneer er DNS-"
"lookups uitgevoerd worden"
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Hoe lang blijven gegevens opgeslagen na een succesvolle login (in dagen)"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Hoe lang te wachten op antwoord van de DSN bij het opzoeken van servers (in "
"seconden)"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr "Het domeingedeelte van DNS queries die service discovery uitvoeren"
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr "Overschrijf GID waarde van de identiteit aanbieder met deze waarde"
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
msgstr "Behandel gebruikersnamen als hoofdlettergevoelig"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr "IPA-domein"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr "IPA-serveradres"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr "IPA-clienthostname"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Of de DNS-gegevens van de client automatisch bijgewerkt moeten worden in "
"FreeIPA"
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"De adapter wiens IP-adres gebruikt moet worden voor het dynamisch bijwerken "
"van de DNS"
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr "Zoek basis voor HBAC gerelateerde objecten"
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr "De tijdsduur tussen het opzoeken van HBAC regels voor de IPA server"
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr "Als DENY regels aanwezig zijn, dat DENY_ALL of IGNORE"
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
"Als dit op false ingesteld is, wordt het host argument gegeven door PAM "
"genegeerd"
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr "De automounter locatie die door deze IPA client wordt gebruikt"
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr "Kerberos-serveradres"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr "Kerberos-rijk"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr "Authenticatie timeout"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr "Werkmap waar authenticatiegegevens opgeslagen worden"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr "Locatie van de authenticatiecache van de gebruiker"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr "Locatie van de keytab om authenticatiegegevens te valideren"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr "Schakel authenticatiegegevensvalidatie in"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr ""
"Sla het wachtwoord op indien offline voor later gebruik bij online "
"authenticatie"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr "Vernieuwbare levensduur van de TGT"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr "Levensduur van de TGT"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr "Tijd tussen twee checks voor vernieuwing"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr "Zet FAST aan"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
msgstr "Selecteert de hoofdpersoon te gebruiken voor FAST "
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
msgstr "Zet hoofdpersoon sanctioneren aan"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Server waar het wachtwoord wijzigingsservice draait indien niet op de KDC"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, de URI van de LDAP server"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr "De standaard base DN"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Het schema type wat gebruikt wordt op de LDAP server, rfc2307"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr "De standaard bind DN"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr "Het type authenticatietoken van de standaard bind DN"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr "Het authenticatietoken van de standaard bind DN"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr "Hoe lang pogen te verbinden"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Hoe lang proberen synchroon LDAP te benaderen"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
"Duur tussen pogingen om de verbinding opnieuw tot stand te brengen tijdens "
"offline zijn"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr "Gebruik alleen hoofdletters voor gebiedsnamen"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr "Bestand dat de bekende CA-certificaten bevat"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr "Pad naar de CA-certificatenmap"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr "Bestand dat het client certificaat bevat"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr "Bestand dat de client sleutel bevat"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr "Lijst van mogelijke sleutel suites"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr "Vereis verificatie van het TLS-certificaat"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr "Geef het SASL-mechanisme op wat gebruikt moet worden"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr "Geef het SASL-authorisatie-ID op wat gebruikt moet worden"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr "Specificeer het te gebruiken sasl autorisatiegebied "
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "Specificeer de minimale SSF voor LDAP sasl autorisatie"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr "Kerberos service keytab"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr "Gebruik Kerberos authenticatie voor LDAP-connectie"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr "Volg LDAP-doorverwijzingen"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr "Levensduur van TGT voor LDAP-connectie"
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr "Hoe moet de alias referentie verwijderd worden"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr "Service naam voor DNS service opzoeken"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
"Het aantal records dat opgehaald moet worden met een enkele LDAP bevraging"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
"Het aantal leden van moet ontbreken om een volledige de-referentie te "
"veroorzaken"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -505,431 +525,472 @@ msgstr ""
"Moet de LDAP bibliotheek omgekeerd opzoeken uitvoeren om de hostnaam te "
"autoriseren tijdens een SASL binding"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr "entryUSN attribuut"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr "lastUSN attribuut"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
"Hoe lang een verbinding met de LDAP server gebouden moet blijven voordat het "
"losgekoppeld wordt"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
msgstr "Het LDAP paging besturingselement uitschakelen"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr "Tijd om te wachten op een zoekopdracht"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr "Tijdsduur te wachten voor een opsommingsverzoek"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr "Tijd om te wachten tussen enumeratie-updates"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr "Tijdsduur tussen cache opschoningen"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr "Vereis TLS voor het opzoeken van ID's"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr "Base DN voor het opzoeken van gebruikers"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr "Scope voor het opzoeken van gebruikers"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr "Filter voor het opzoeken van gebruikers"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr "Objectclass voor gebruikers"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr "Username-attribuut"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr "UID-attribuut"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr "Primair GID-attribuut"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr "GECOS-attribuut"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr "Gebruikersmap-attribuut"
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr "Shell-attribuut"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr "UUID-attribuut"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+#, fuzzy
+msgid "objectSID attribute"
+msgstr "UID-attribuut"
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr "Userprincipal-attribuut (voor Kerberos)"
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr "Volledige naam"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr "memberOf-attribuut"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr "Modification time-attribuut"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr "shadowLastChange attribuut"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr "shadowMin attribuut"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr "shadowMax attribuut"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr "shadowWarning attribuut"
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr "shadowInactive attribuut"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr "shadowExpire attribuut"
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr "shadowFlag attribuut"
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr "Attribuut voor tonen van geautoriseerde PAM services"
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr "Attribuut dat geautoriseerde server hosts toont"
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr "krbLastPwdChange attribuut"
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr "krbPasswordExpiration attribuut"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr "Attribuut welke aangeeft dat wachtwoordtactiek op de server actief is"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr "accountExpires attribuut van AD"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr "userAccountControl attribuut van AD"
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr "nsAccountLock attribuut"
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr "loginDisabled attribuut van NDS"
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr "loginExpirationTime attribuut van NDS"
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "loginAllowedTimeMap attribuut van NDS"
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
msgstr "SSH publieke sleutel attribuut"
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr "Basis DN voor groep opzoeken"
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr "Objectklasse voor groepen"
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr "Groepsnaam"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr "Groep wachtwoord"
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr "GID attribuut"
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr "Groep deelnemer attribuut"
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr "Groep UUID attribuut"
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr "Verandertijd attribuut voor groepen"
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr "Maximale nest niveau dat SSSd zal volgen"
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr "Basis DN voor netgroep opzoeken"
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr "Objectklasse voor netgroepen"
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr "Netgroep naam"
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr "Netgroep leden attribuut"
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr "Netgroep triple attibuut"
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr "Netgroep UUID attibuut"
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr "Verandertijd attribuut voor netgroepen"
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
msgstr "Basis DN voor service lookups"
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
msgstr "Objectclass voor services"
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
msgstr "Service naam attribuut"
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
msgstr "Service port attribuut"
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
msgstr "Service protocol attribuut"
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr "Policy om wacthwoordverloop mee te evalueren"
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr "LDAP-filter om toegangsprivileges mee te bepalen"
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
"Welke attributen worden gebruikt voor evaluatie als het account verlopen is"
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr ""
"Welke regels moeten gebruikt worden voor de evaluatie van toegangscontrole"
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
"URI van een LDAP server waarop wachtwoord veranderingen toegestaan zijn"
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr "DNS service naam voor LDAP wachtwoord verander server"
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
msgstr "Basis DN voor sudo regels lookups"
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
msgstr "Periodieke updates van alle sudo regels inschakelen"
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
msgstr "Tijd tussen regels updates"
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
msgstr "Objectklasse voor sudo regels"
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
msgstr "Sudo regelnaam"
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
msgstr "Sudo regel opdracht attribuut"
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
msgstr "Sudo regel host attribuut"
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
msgstr "Sudo regel gebruiker attribuut"
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
msgstr "Sudo regel optie attribuut"
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
msgstr "Sudo regel runasuser attribuut"
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
msgstr "Sudo regel runasgroup attribuut"
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
msgstr "Sudo regel notbefore attribuut"
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
msgstr "Sudo regel notafter attribuut"
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
msgstr "Sudo regel volgorde attribuut"
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
msgstr "Object class voor automounter maps"
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
msgstr "Automounter map naam attribuut"
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
msgstr "Objectklasse voor automounter map ingaven"
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
msgstr "Automounter map sleutel ingave attribuut"
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
msgstr "Automounter map ingavewaarde attribuut"
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr "Kommagescheiden lijst van toegestane gebruikers"
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr "Kommagescheiden lijst van geweigerde gebruikers"
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr "Standaard shell, /bin/bash"
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr "Basis voor gebruikersmappen"
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr "De naam van de NSS-bibliotheek die gebruikt wordt"
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr "PAM-stack die gebruikt wordt"
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr "Start in de achtergrond (standaard)"
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr "Start interactief (standaard)"
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr "Geef een niet-standaard configuratiebestand op"
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
msgstr "Print versie nummer en sluit af"
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr "Debug niveau"
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr "Voeg tijdstempels toe aan debugberichten"
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
msgstr "Toon tijdstempel met microseconden"
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr "Een geopend bestand voor de debug logs"
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr "Domein voor de informatie provider (verplicht)"
@@ -958,95 +1019,96 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr "Onverwachtte fout bij het opzoeken van een omschrijving"
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr "Wachtwoorden komen niet overeen"
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr "Wachtwoorden als root wijzigen wordt niet ondersteund."
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr "Geauthenticeerd met gecachte inloggegevens."
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr ", uw wachtwoord verloopt op:"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr "Uw wachtwoord is verlopen. U heeft %d genadigde login(s) over."
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr "Uw wachtwoord verloopt in %d %s."
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr "Inloggen wordt geweigerd tot:"
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "Systeem is offline, wachtwoord wijzigen niet mogelijk"
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Wijzigen van wachtwoord mislukt."
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Serverbericht:"
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr "Nieuw Wachtwoord: "
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr "Voer nieuw wachtwoord nogmaals in: "
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr "Wachtwoord: "
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr "Huidig wachtwoord:"
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr "Wachtwoord verlopen. Verander nu uw wachtwoord."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr "Het debugniveau waarmee gestart wordt"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr "Fout bij het zetten van de locale\n"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
msgstr ""
@@ -1054,35 +1116,43 @@ msgstr ""
msgid "User not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
msgstr ""
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr ""
+
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
msgstr "Het UID van de gebruiker"
@@ -1483,44 +1553,87 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "Transactiefout. Kan de gebruiker niet aanpassen.\n"
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
#, c-format
msgid "Couldn't invalidate %s"
msgstr ""
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:194
#, c-format
msgid "Couldn't invalidate %s %s"
msgstr ""
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:335
+msgid "Invalidate particular service"
+msgstr ""
+
+#: src/tools/sss_cache.c:337
+msgid "Invalidate all services"
+msgstr ""
+
+#: src/tools/sss_cache.c:340
+msgid "Invalidate particular autofs map"
+msgstr ""
+
+#: src/tools/sss_cache.c:342
+msgid "Invalidate all autofs maps"
+msgstr ""
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
msgstr ""
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
#: src/tools/sss_debuglevel.c:43
msgid "\n"
msgstr ""
@@ -1538,6 +1651,6 @@ msgstr "Het geheugen zit vol\n"
msgid "%s must be run as root\n"
msgstr "%s moet als root gestart worden\n"
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr "Stuur de debuguitvoer naar bestanden in plaats van stderr"
diff --git a/po/pl.po b/po/pl.po
index 4e0f57168..f5ad70cae 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -9,8 +9,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
-"PO-Revision-Date: 2012-03-08 11:41+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-04-20 16:09+0000\n"
"Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
"Language-Team: Polish (http://www.transifex.net/projects/p/fedora/language/"
"pl/)\n"
@@ -42,38 +42,43 @@ msgid "Ping timeout before restarting service"
msgstr "Czas oczekiwania na ping przed ponownym uruchomieniem usługi"
#: src/config/SSSDConfig.py:44
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
+msgstr ""
+
+#: src/config/SSSDConfig.py:45
msgid "Command to start service"
msgstr "Polecenie do uruchomienia usługi"
-#: src/config/SSSDConfig.py:45
+#: src/config/SSSDConfig.py:46
msgid "Number of times to attempt connection to Data Providers"
msgstr "Liczba prób połączenia do dostawców danych"
-#: src/config/SSSDConfig.py:46
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr "Usługi SSSD do uruchomienia"
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr "Domeny SSSD do uruchomienia"
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr "Czas oczekiwania na komunikaty wysyłane przez SBUS"
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr "Wyrażenie regularne do przetworzenia nazwy użytkownika i domeny"
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Format zgodny z printf do wyświetlania pełnych nazw"
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -81,48 +86,54 @@ msgstr ""
"Katalog w systemie plików, w którym SSSD powinno przechowywać pliki pamięci "
"podręcznej odtwarzania Kerberosa."
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr "Czas oczekiwania pamięci podręcznej wyliczania (sekundy)"
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr "Czas oczekiwania aktualizacji tła pamięci podręcznej wpisów (sekundy)"
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr "Ujemny czas oczekiwania pamięci podręcznej (sekundy)"
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr "Użytkownicy, którzy powinni być bezpośrednio ignorowani przez SSSD"
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr "Grupy, które powinny być bezpośrednio ignorowane przez SSSD"
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr "Czy filtrowani użytkownicy powinni pojawiać się w grupach"
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr "Wartość pola hasła, jaką dostawca NSS powinien zwrócić"
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr "Zastępuje wartość katalogu domowego z dostawcy tożsamości tą wartością"
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+#, fuzzy
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr "Zastępuje wartość katalogu domowego z dostawcy tożsamości tą wartością"
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr "Lista powłok, za pomocą których użytkownicy mogą się logować"
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr "Lista powłok, które zostaną zawetowane i zastąpione powłoką zastępczą"
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -131,16 +142,20 @@ msgstr ""
"jest dostępna, to zostanie użyta ta powłoka zastępcza"
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Jak długo umożliwiać logowania w pamięci podręcznej między logowaniami w "
"trybie online (dni)"
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr "Ile nieudanych prób zalogowania jest dozwolonych w trybie offline"
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -148,349 +163,353 @@ msgstr ""
"Ile czasu (minut) nie pozwalać na zalogowanie po osiągnięciu "
"offline_failed_login_attempts"
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
"Jaki rodzaj komunikatów wyświetlać użytkownikowi podczas uwierzytelniania"
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Ile sekund zatrzymać informacje o tożsamości w pamięci podręcznej dla żądań "
"PAM"
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr "Ile dni przed wygaśnięciem hasła wyświetlić ostrzeżenie"
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr "Określa, czy szacować atrybuty oparte na czasie w regułach sudo"
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr ""
"Ile sekund trzymać reguły sudo w pamięci podręcznej przed ponownym "
"zapytaniem dostawcy"
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr "Dostawca tożsamości"
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr "Dostawca uwierzytelniania"
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr "Dostawca kontroli dostępu"
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr "Dostawca zmiany hasła"
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
msgstr "Dostawca SUDO"
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
msgstr "Dostawca Autofs"
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
msgstr "Dostawca wczytywania sesji"
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
msgstr "Dostawca tożsamości komputera"
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr "Minimalny identyfikator użytkownika"
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr "Maksymalny identyfikator użytkownika"
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr "Włącza wyliczanie wszystkich użytkowników/grup"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr "Dane uwierzytelniające pamięci podręcznej dla logowań w trybie offline"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr "Przechowuje mieszanie haseł"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr "Wyświetla użytkowników/grupy w pełnej formie"
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr "Czas oczekiwania pamięci podręcznej wpisów (sekundy)"
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Ogranicza lub preferuje podaną rodzinę adresów podczas wykonywania "
"wyszukiwań DNS"
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Jak długo utrzymywać wpisy logowania w pamięci podręcznej po ostatnim udanym "
"zalogowaniu (dni)"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Jak długo czekać na odpowiedzi od serwera DNS podczas rozwiązywania serwerów "
"(sekundy)"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr "Część domeny zapytania DNS wykrywania usługi"
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr "Zastępuje wartość GID z dostawcy tożsamości tą wartością"
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
msgstr "Rozróżnianie wielkości liter w nazwach użytkowników"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr "Domena IPA"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr "Adres serwera IPA"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr "Nazwa komputera klienta IPA"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Czy automatycznie aktualizować wpis DNS klienta w oprogramowaniu FreeIPA"
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"Interfejs, którego adres IP powinien być używany do dynamicznych "
"aktualizacji DNS"
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr "Wyszukiwanie podstawy pod kątem obiektów związanych z HBAC"
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr "Czas między wyszukiwaniami reguł HBAC w serwerze IPA"
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr "Jeśli reguły DENY są dostępne, to DENY_ALL lub IGNORE"
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
"Jeśli ustawiono na fałsz, to parametr komputera podany przez PAM zostanie "
"zignorowany"
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr "Położenie automountera, którego używa ten klient IPA"
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr "Adres serwera Kerberos"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr "Obszar Kerberos"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr "Czas oczekiwania na uwierzytelnienie"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr ""
"Katalog do przechowywania pamięci podręcznych danych uwierzytelniających"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr "Położenie pamięci podręcznej danych uwierzytelniających użytkownika"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr "Położenie tablicy kluczy do sprawdzania danych uwierzytelniających"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr "Włącza sprawdzanie danych uwierzytelniających"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr ""
"Przechowuje hasło, jeśli w trybie offline do późniejszego uwierzytelnienia w "
"trybie online"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr "Odnawialny czas trwania TGT"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr "Czas trwania TGT"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr "Czas między dwoma sprawdzaniami odnowy"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr "Włącza FAST"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
msgstr "Wybiera naczelnika do użycia dla FAST"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
msgstr "Włącza ujednolicanie naczelnika"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Serwer, w którym jest uruchomiona usługa zmiany haseł, jeśli nie znajduje "
"się w KDC"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, adres URI serwera LDAP"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr "Domyślna podstawowa DN"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Typ Schema do użycia na serwerze LDAP, RFC2307"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr "Domyślne DN dowiązania"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr "Typ tokenu uwierzytelniania domyślnego DN dowiązania"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr "Token uwierzytelniania domyślnego DN dowiązania"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr "Czas do próby połączenia"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Czas do próby synchronicznych działań LDAP"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr "Czas między próbami ponownego połączenia w trybie offline"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr "Użycie tylko małych znaków w nazwach obszarów"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr "Plik zawierający certyfikaty CA"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr "Ścieżka do katalogu certyfikatów CA"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr "Plik zawierający certyfikat klienta"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr "Plik zawierający klucz klienta"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr "Lista możliwych zestawów szyfrów"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr "Wymaga sprawdzenia certyfikatu TLS"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr "Podaje używany mechanizm SASL"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr "Podaje używany identyfikator upoważnienia SASL"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr "Podaje obszar upoważnienia SASL do użycia"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr "Podaje minimalne SSF dla upoważnienia sasl LDAP"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr "Tablica kluczy usługi Kerberos"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr "Używa uwierzytelniania Kerberos dla połączenia LDAP"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr "Podąża za odsyłaniami LDAP"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr "Czas trwania TGT dla połączenia LDAP"
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr "Jak wskazywać aliasy"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr "Nazwa usługi do wyszukiwań usługi DNS"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr "Liczba wpisów do pobrania w jednym zapytaniu LDAP"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr "Suma liczb, których musi brakować, aby wywołać pełne \"deref\""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -498,426 +517,469 @@ msgstr ""
"Określa, czy biblioteka LDAP powinna wykonywać odwrotne wyszukanie, aby "
"ujednolicić nazwę komputera podczas dowiązania SASL"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr "Atrybut entryUSN"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr "Atrybut lastUSN"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr "Jak długo utrzymywać połączenie z serwerem LDAP przed rozłączeniem"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
msgstr "Wyłącza kontrolę stronicowania LDAP"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr "Czas oczekiwania na żądanie wyszukiwania"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr "Czas oczekiwania na żądanie wyliczenia"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr "Czas między aktualizacjami wyliczania"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr "Czas między czyszczeniem pamięci podręcznej"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr "Wymaga TLS dla wyszukiwania identyfikatorów"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr "Podstawowe DN dla wyszukiwania użytkowników"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr "Zakres wyszukiwania użytkowników"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr "Filtruje wyszukiwania użytkowników"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr "Klasa obiektów dla użytkowników"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr "Atrybut nazwy użytkownika"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr "Atrybut UID"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr "Pierwszy atrybut GID"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr "Atrybut GECOS"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr "Atrybut katalogu domowego"
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr "Atrybut powłoki"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr "Atrybut UUID"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+#, fuzzy
+msgid "objectSID attribute"
+msgstr "Atrybut UID"
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr "Atrybut głównego użytkownika (dla Kerberos)"
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr "Imię i nazwisko"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr "Atrybut memberOf"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr "Atrybut czasu modyfikacji"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr "Atrybut shadowLastChange"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr "Atrybut shadowMin"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr "Atrybut shadowMax"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr "Atrybut shadowWarning"
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr "Atrybut shadowInactive"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr "Atrybut shadowExpire"
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr "Atrybut shadowFlag"
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr "Atrybut zawierający listę upoważnionych usług PAM"
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr "Atrybut zawierający listę upoważnionych komputerów serwerowych"
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr "Atrybut krbLastPwdChange"
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr "Atrybut krbPasswordExpiration"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr "Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr "Atrybut accountExpires AD"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr "Atrybut userAccountControl AD"
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr "Atrybut nsAccountLock"
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr "Atrybut loginDisabled NDS"
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr "Atrybut loginExpirationTime NDS"
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "Atrybut loginAllowedTimeMap NDS"
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
msgstr "Atrybut klucza publicznego SSH"
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr "Podstawowe DN dla wyszukiwania grup"
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr "Klasa obiektów dla grup"
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr "Nazwa grupy"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr "Hasło grupy"
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr "Atrybut GID"
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr "Atrybut elementu grupy"
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr "Atrybut UUID grupy"
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr "Atrybut czasu modyfikacji grup"
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr "Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała"
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr "Podstawowe DN dla wyszukiwania grupy sieciowej"
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr "Klasa obiektów dla grup sieciowych"
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr "Nazwa grupy sieciowej"
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr "Atrybut elementów grupy sieciowej"
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr "Potrójny atrybut grupy sieciowej"
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr "Atrybut UUID grupy sieciowej"
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr "Atrybut czasu modyfikacji grup sieciowych"
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
msgstr "Podstawowe DN do wyszukiwania usług"
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
msgstr "Klasa obiektów dla usług"
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
msgstr "Atrybut nazwy usługi"
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
msgstr "Atrybut portu usługi"
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
msgstr "Atrybut protokołu usługi"
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr "Polityka do oszacowania wygaszenia hasła"
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr "Filtr LDAP do określenia uprawnień dostępu"
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr "Które atrybuty powinny być używane do sprawdzenia, czy konto wygasło"
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr "Które reguły powinny być używane do sprawdzania kontroli dostępu"
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr "Adres URI serwera LDAP, gdzie zmiany hasła są dozwolone"
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr "Nazwa usługi DNS serwera zmiany hasła LDAP"
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
msgstr "Podstawowe DN dla wyszukiwań reguł sudo"
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
msgstr "Włącz okresową aktualizację wszystkich reguł sudo"
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
msgstr "Okres czasu między aktualizacjami reguł"
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
msgstr "Klasa obiektów dla reguł sudo"
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
msgstr "Nazwa reguły sudo"
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
msgstr "Atrybut polecenia reguły sudo"
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
msgstr "Atrybut komputera reguły sudo"
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
msgstr "Atrybut użytkownika reguły sudo"
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
msgstr "Atrybut opcji reguły sudo"
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
msgstr "Atrybut runasuser reguły sudo"
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
msgstr "Atrybut runasgroup reguły sudo"
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
msgstr "Atrybut notbefore reguły sudo"
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
msgstr "Atrybut notafter reguły sudo"
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
msgstr "Atrybut kolejności reguły sudo"
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
msgstr "Klasa obiektów dla map automountera"
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
msgstr "Atrybut nazwy mapy automountera"
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
msgstr "Klasa obiektów dla wpisów map automountera"
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
msgstr "Atrybut klucza wpisu mapy automountera"
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
msgstr "Atrybut wartości wpisu mapy automountera"
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
msgstr "Podstawowe DN dla wyszukiwań map automountera"
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr "Lista dozwolonych użytkowników oddzielonych przecinkami"
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr "Lista zabronionych użytkowników oddzielonych przecinkami"
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr "Domyślna powłoka, /bin/bash"
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr "Podstawa katalogów domowych"
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr "Nazwa używanej biblioteki NSS"
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+"Określa, czy wyszukiwać kanoniczną nazwę grupy w pamięci podręcznej, jeśli "
+"to możliwe"
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr "Używany stos PAM"
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr "Uruchamia jako demon (domyślnie)"
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr "Uruchamia interaktywnie (nie jako demon)"
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr "Podaje niedomyślny plik konfiguracji"
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
msgstr "Wyświetla numer wersji i kończy działanie"
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr "Poziom debugowania"
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr "Dodaje czasy debugowania"
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
msgstr "Wyświetlanie dat z mikrosekundami"
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr "Otwiera deskryptor pliku dla dzienników debugowania"
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr "Domena dostawcy informacji (wymagane)"
@@ -945,95 +1007,96 @@ msgstr "Wystąpił błąd, ale nie odnaleziono jego opisu."
msgid "Unexpected error while looking for an error description"
msgstr "Nieoczekiwany błąd podczas wyszukiwania opisu błędu"
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr "Hasła nie zgadzają się"
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr "Przywrócenie hasła przez użytkownika root nie jest obsługiwane."
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr "Uwierzytelniono za pomocą danych z pamięci podręcznej"
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr ", hasło w pamięci podręcznej wygaśnie za: "
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr "Hasło wygasło. Pozostało %d możliwych logowań."
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr "Hasło wygaśnie za %d %s."
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr "Uwierzytelnianie jest zabronione do: "
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "System jest w trybie offline, zmiana hasła nie jest możliwa"
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Zmiana hasła nie powiodła się. "
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Komunikat serwera: "
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr "Nowe hasło: "
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr "Proszę ponownie podać nowe hasło: "
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr "Hasło: "
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr "Bieżące hasło: "
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr "Hasło wygasło. Proszę je zmienić teraz."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr "Poziom debugowania, z jakim uruchomić"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
msgstr "Domena SSSD do użycia"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr "Błąd podczas ustawiania lokalizacji\n"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
msgstr "Brak pamięci\n"
@@ -1041,35 +1104,43 @@ msgstr "Brak pamięci\n"
msgid "User not specified\n"
msgstr "Nie podano użytkownika\n"
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
msgstr "Błąd podczas wyszukiwania kluczy publicznych\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
msgstr "Otwarcie gniazda się nie powiodło\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
msgstr "Połączenie z serwerem się nie powiodło\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
msgstr "Wykonanie polecenia pośrednika się nie powiodło\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
msgstr "Port do użycia do połączenia z komputerem"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
msgstr "Nie podano komputera\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
msgstr "Ścieżka do polecenia pośrednika musi być bezwzględna\n"
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr "Nie można rozwiązać nazwy komputera\n"
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr "Odwrócone wyszukanie się nie powiodło\n"
+
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
msgstr "UID użytkownika"
@@ -1472,44 +1543,91 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "Błąd transakcji. Nie można zmodyfikować użytkownika.\n"
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
#, c-format
msgid "Couldn't invalidate %s"
msgstr "Nie można unieważnić %s"
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:194
#, c-format
msgid "Couldn't invalidate %s %s"
msgstr "Nie można unieważnić %s %s"
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
msgstr "Unieważnia podanego użytkownika"
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
msgstr "Unieważnia wszystkich użytkowników"
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
msgstr "Unieważnia podaną grupę"
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
msgstr "Unieważnia wszystkie grupy"
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
msgstr "Unieważnia podaną grupę sieciową"
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
msgstr "Unieważnia wszystkie grupy sieciowe"
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:335
+#, fuzzy
+msgid "Invalidate particular service"
+msgstr "Unieważnia podanego użytkownika"
+
+#: src/tools/sss_cache.c:337
+#, fuzzy
+msgid "Invalidate all services"
+msgstr "Unieważnia wszystkich użytkowników"
+
+#: src/tools/sss_cache.c:340
+#, fuzzy
+msgid "Invalidate particular autofs map"
+msgstr "Unieważnia podanego użytkownika"
+
+#: src/tools/sss_cache.c:342
+#, fuzzy
+msgid "Invalidate all autofs maps"
+msgstr "Unieważnia wszystkich użytkowników"
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
msgstr "Unieważnia wpisy tylko z podanej domeny"
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
#: src/tools/sss_debuglevel.c:43
msgid "\n"
msgstr "\n"
@@ -1527,7 +1645,7 @@ msgstr "Brak pamięci\n"
msgid "%s must be run as root\n"
msgstr "%s musi zostać uruchomione jako root\n"
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr ""
"Wysyła wyjście debugowania do plików, zamiast do standardowego wyjścia błędów"
diff --git a/po/pt.po b/po/pt.po
index 42df3fe7d..db2d704f7 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -7,8 +7,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
-"PO-Revision-Date: 2012-03-08 11:41+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-04-20 16:09+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Portuguese <trans-pt@lists.fedoraproject.org>\n"
"Language: pt\n"
@@ -38,102 +38,116 @@ msgid "Ping timeout before restarting service"
msgstr "Foi excedido o tempo do ping antes de reiniciar o serviço"
#: src/config/SSSDConfig.py:44
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
+msgstr ""
+
+#: src/config/SSSDConfig.py:45
msgid "Command to start service"
msgstr "Comando para iniciar serviço"
-#: src/config/SSSDConfig.py:45
+#: src/config/SSSDConfig.py:46
msgid "Number of times to attempt connection to Data Providers"
msgstr "Número de vezes para tentar ligação aos Fornecedores de Dados"
-#: src/config/SSSDConfig.py:46
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr "Serviços SSSD a iniciar"
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr "Domínios SSSD a iniciar"
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr "Limite de tempo para mensagens enviadas sobre SBUS"
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr "Expressão regular para obter nome do utilizar e domínio"
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Formato compatível com o printf para apresentar nomes completos"
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr "Validade da cache de enumeração (segundos)"
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr "Validade da actualização da cache em segundo plano (segundos)"
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr "Validade da cache negativa (segundos)"
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr "Utilizadores que o SSSD devem explicitamente ignorar"
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr "Grupos que o SSSD devem explicitamente ignorar"
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr "Devem os utilizadores filtrados aparecer em grupos"
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr "O valor do campo da senha que o fornecedor NSS deve retornar"
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Durante quanto tempo devem ser permitidas as caches de sessões entre sessões "
"online (dias)"
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
"Quantas tentativas falhadas de inicio de sessão são permitidas quando offline"
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -141,759 +155,804 @@ msgstr ""
"Quanto tempo (minutos) para negar a sessão após "
"offline_failed_login_attempts ter sido atingido"
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr ""
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr "Fornecedor de identidade"
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr "Fornecedor de autenticação"
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr "Fornecedor de controle de acesso"
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr "Fornecedor de Alteração de Senha"
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr "ID de utilizador mínimo"
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr "ID de utilizador máximo"
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr "Permitir enumeração de todos os utilizadores/grupos"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr "Efectuar cache de credenciais para sessões em modo desligado"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr "Guardar hashes da senha"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr "Apresentar utilizadores/grupos na forma completa"
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr "Validade da cache (segundos)"
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Restringir ou preferir famílias de endereços especificas quando efectua "
"consultas DNS"
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Durante quanto tempo devem ser permitidas as caches de sessões entre sessões "
"bem sucedidas (dias)"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr "Domínio IPA"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr "Endereço do servidor IPA"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr "Nome da máquina do cliente IPA"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr "Endereço do servidor Kerberos"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr "Reino Kerberos"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr "Tempo de expiração da autenticação"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr "Directório para armazenar as caches de credenciais"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr "Localização da cache de credenciais dos utilizadores"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr "Localização da tabela de chaves (keytab) para validar credenciais"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr "Activar validação de credenciais"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Servidor onde está em execução o serviço de alteração de senha, se não "
"coincide com o KDC"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, O URI do servidor LDAP"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr "A base DN por omissão"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "O tipo de Schema em utilização no servidor LDAP, rfc2307"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr "O DN por omissão para a ligação"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr "O tipo de token de autenticação do bind DN por omissão"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr "O token de autenticação do bind DN por omissão"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr "Período de tempo para tentar ligação"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Tempo de espera para tentar operações LDAP síncronas"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr "Tempo de espera entre tentativas para re-conectar quando desligado"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr "Ficheiro que contêm os certificados CA"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr "Caminho para o directório do certificado CA"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr "Obriga a verificação de certificados TLS"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr "Especificar mecanismo sasl a utilizar"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr "Especifique o id sasl para utilizar na autorização"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr "Separador chave do serviço Kerberos"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr "Utilizar autenticação Kerberos para ligações LDAP"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr "Seguir os referrals LDAP"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr "Tempo de espera por um pedido de pesquisa"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr "Período de tempo entre enumeração de actualizações"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr "Requer TLS para consultas de ID"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr "DN base para pesquisa de utilizadores"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr "Âmbito das pesquisas do utilizador"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr "Filtro para as pesquisas do utilizador"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr "Objectclass para utilizadores"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr "Atributo GID primário"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr "Atributo GECOS"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr "Atributo da pasta pessoal"
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr "Atributo da Shell"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+#, fuzzy
+msgid "objectSID attribute"
+msgstr "Atributo UID"
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr "Atributo principal do utilizador (para Kerberos)"
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr "Nome Completo"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr "Atributo da alteração da data"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr "Politica para avaliar a expiração da senha"
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
msgstr ""
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr "Lista de utilizadores autorizados separados por vírgulas"
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr "Lista de utilizadores não autorizados separados por vírgulas"
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr "Shell pré-definida, /bin/bash"
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr "Directório base para as pastas pessoais"
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr "O nome da biblioteca NSS a utilizar"
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr "Stack PAM a utilizar"
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr "Tornar-se num serviço (omissão)"
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr "Executar interactivamente (não como serviço)"
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr "Especificar um ficheiro de configuração não standard"
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr "Nível de depuração"
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr "Adicionar tempos na depuração"
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr "Um descritor de ficheiro aberto para os registos de depuração"
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr "Domínio do fornecedor de informação (obrigatório)"
@@ -921,95 +980,96 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr "Senhas não coincidem"
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr ", a sua senha guardada em cache irá expirar em: "
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr "A sua senha expirou. Restam-lhe %d sessões de tolerância."
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr "A sua senha irá expirar em %d %s."
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "O sistema está offline, a mudança de senha não é possível"
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Alteração da senha falhou."
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Mensagem do Servidor: "
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr "Nova Senha: "
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr "Digite a senha novamente: "
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr "Senha: "
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr "Senha actual: "
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr "A senha expirou. Altere a sua senha agora."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr "O nível de depuração a utilizar durante a execução"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr "Erro ao definir a configuração regional\n"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
msgstr ""
@@ -1017,35 +1077,43 @@ msgstr ""
msgid "User not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
msgstr ""
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr ""
+
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
msgstr "O UID do utilizador"
@@ -1442,44 +1510,87 @@ msgstr "Incapaz de modificar utilizador - utilizador já é membro de grupos?\n"
msgid "Transaction error. Could not modify user.\n"
msgstr "Erro na transacção. Não foi possível modificar o utilizador.\n"
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
#, c-format
msgid "Couldn't invalidate %s"
msgstr ""
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:194
#, c-format
msgid "Couldn't invalidate %s %s"
msgstr ""
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:335
+msgid "Invalidate particular service"
+msgstr ""
+
+#: src/tools/sss_cache.c:337
+msgid "Invalidate all services"
+msgstr ""
+
+#: src/tools/sss_cache.c:340
+msgid "Invalidate particular autofs map"
+msgstr ""
+
+#: src/tools/sss_cache.c:342
+msgid "Invalidate all autofs maps"
+msgstr ""
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
msgstr ""
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
#: src/tools/sss_debuglevel.c:43
msgid "\n"
msgstr ""
@@ -1497,6 +1608,6 @@ msgstr "Memória esgotada\n"
msgid "%s must be run as root\n"
msgstr "%s tem de executar como root\n"
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr "Enviar o resultado de depuração para ficheiro em vez do stderr"
diff --git a/po/ru.po b/po/ru.po
index d61e27eaa..15abf7cca 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -7,8 +7,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
-"PO-Revision-Date: 2012-03-08 11:41+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-04-20 16:09+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Russian <trans-ru@lists.fedoraproject.org>\n"
"Language: ru\n"
@@ -39,101 +39,115 @@ msgid "Ping timeout before restarting service"
msgstr "Тайм-аут ping до перезапуска службы"
#: src/config/SSSDConfig.py:44
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
+msgstr ""
+
+#: src/config/SSSDConfig.py:45
msgid "Command to start service"
msgstr "Команда для запуска службы"
-#: src/config/SSSDConfig.py:45
+#: src/config/SSSDConfig.py:46
msgid "Number of times to attempt connection to Data Providers"
msgstr "Количество попыток подключения к поставщикам данных"
-#: src/config/SSSDConfig.py:46
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr "SSSD службы для запуска"
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr "SSSD домены для запуска"
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr "Тайм-аут для сообщений, отправленных через SBUS"
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr "Разбирать имя пользователя и домен с помощью регулярных выражений"
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Отображать полные имена в формате, совместимом с printf"
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr "Длина тайм-аута кэша перечисления (в секундах)"
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr "Тайм-аут фонового обновления элемента списка кэша (в секундах)"
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr "Отрицательная длина тайм-аута кэша (в секундах)"
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr "Пользователи, которых SSSD должен явно игнорировать "
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr "Группы, которые SSSD должен явно игнорировать "
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr "Должны ли отфильтрованные пользователи появляться в группах"
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr "Значение поля пароля, которое должен вернуть поставщик NSS"
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Разрешённый интервал кэшированных входов между интерактивными входами (в "
"днях)"
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr "Разрешённое количество неудачных попыток неинтерактивного входа"
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -141,759 +155,804 @@ msgstr ""
"Временной интервал (в минутах), в течение которого будет запрещён вход после "
"достижения offline_failed_login_attempts"
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr ""
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr "Поставщик данных для идентификации"
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr "Поставщик данных для проверки подлинности"
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr "Поставщик данных для контроля доступа"
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr "Поставщик операции смены пароля"
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr "Минимальный ID пользователя"
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr "Максимальный ID пользователя"
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr "Включить перечисление всех пользователей/групп"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr "Кэшировать учётные данные для неинтерактивного входа"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr "Хранить хеши паролей"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr "Отображать пользователей/группы в полной форме"
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr "Тайм-аут элемента списка кэша (в секундах)"
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Ограничивать или предпочитать определённое семейство адресов при выполнении "
"запросов DNS"
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Как долго хранить кэшированные элементы списка после последнего успешного "
"входа (в днях)"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr "IPA-домен"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr "адрес сервера IPA"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr "имя узла клиента IPA"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr "Имя сервера Kerberos"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr "Область действия Kerberos"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr "Тайм-аут проверки подлинности"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr "Каталог для хранения кэшей учётных данных"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr "Расположения кэша учётных данных пользователей"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr "Расположение keytab-файла для проверки учётных данных"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr "Включить проверку учётных данных"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr "Сервер, на котором запущена служба смены пароля (если не на KDC)"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI сервера LDAP "
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr "Base DN по умолчанию"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Тип схемы, используемой на LDAP-сервере, rfc2307"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr "Bind DN по умолчанию"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr "Тип маркера проверки подлинности для bind DN по умолчанию"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr "Маркер проверки подлинности для bind DN по умолчанию"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr "Временной интервал для попытки соединения"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Временной интервал для попытки синхронизации операций LDAP"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
"Временной интервал между попытками возобновления соединения в автономного "
"режиме"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr "Требуется проверка сертификата TLS"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr "Укажите механизм sasl"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr "Укажите идентификатор авторизации sasl"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr "Keytab-файл службы Kerberos"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr "Следовать ссылкам LDAP"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr "Временной интервал, в течение которого ожидать поискового запроса"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr "Временной интервал между обновлениями перечисления"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr "Base DN для поиска"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr "Глубина поиска"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr "Фильтр поиска"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr "Objectclass для пользователей"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr "Атрибут «UID»"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr "Атрибут «primary GID»"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr "Атрибут «GECOS»"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr "Атрибут домашнего каталога"
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr "Атрибут оболочки"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr "Атрибут «UUID»"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+#, fuzzy
+msgid "objectSID attribute"
+msgstr "Атрибут «UID»"
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr "Атрибут участника-пользователя (для Kerberos)"
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr "Полное имя"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr "Атрибут memberOf"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr "Атрибут времени изменения"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr "Политика вычисления окончания срока действия пароля"
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
msgstr ""
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr "Разделённый запятыми список разрешённых пользователей"
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr "Разделённый запятыми список запрещённых пользователей"
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr "Оболочка по умолчанию, /bin/bash"
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr "Место для домашних каталогов"
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr "Имя используемой библиотеки NSS"
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr "Используемый стек PAM"
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr "Запускаться в качестве службы (по умолчанию)"
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr "Запускаться интерактивно (не службой)"
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr "Указать файл конфигурации"
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr "Уровень отладки"
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr "Добавить отладочные отметки времени"
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr "Открытый дескриптор файла для журналов отладки"
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr "Домен поставщика информации (обязательный)"
@@ -921,95 +980,96 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr "Пароли не совпадают"
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr ", срок действия вашего кэшированного пароль истечёт:"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr ""
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "Система находится в автономном режиме, невозможно сменить пароль"
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Не удалось сменить пароль."
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Сообщение сервера:"
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr "Новый пароль:"
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr "Введите новый пароль ещё раз:"
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr "Пароль:"
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr "Текущий пароль:"
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr "Срок действия пароля истёк. Необходимо сейчас изменить ваш пароль."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr "Уровень отладки для запуска"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
msgstr ""
@@ -1017,35 +1077,43 @@ msgstr ""
msgid "User not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
msgstr ""
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr ""
+
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
msgstr "UID пользователя"
@@ -1436,44 +1504,87 @@ msgstr "Не удалось изменить пользователя — он
msgid "Transaction error. Could not modify user.\n"
msgstr "Ошибка в транзакции. Не удалось изменить пользователя.\n"
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
#, c-format
msgid "Couldn't invalidate %s"
msgstr ""
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:194
#, c-format
msgid "Couldn't invalidate %s %s"
msgstr ""
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:335
+msgid "Invalidate particular service"
+msgstr ""
+
+#: src/tools/sss_cache.c:337
+msgid "Invalidate all services"
+msgstr ""
+
+#: src/tools/sss_cache.c:340
+msgid "Invalidate particular autofs map"
+msgstr ""
+
+#: src/tools/sss_cache.c:342
+msgid "Invalidate all autofs maps"
+msgstr ""
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
msgstr ""
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
#: src/tools/sss_debuglevel.c:43
msgid "\n"
msgstr ""
@@ -1491,6 +1602,6 @@ msgstr "Недостаточно памяти\n"
msgid "%s must be run as root\n"
msgstr "%s должно выполняться от имени root\n"
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr "Отправлять отладочные сообщения в файлы, а не в stderr"
diff --git a/po/sssd.pot b/po/sssd.pot
index 40a2b0f14..547053bb2 100644
--- a/po/sssd.pot
+++ b/po/sssd.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -38,851 +38,909 @@ msgid "Ping timeout before restarting service"
msgstr ""
#: src/config/SSSDConfig.py:44
-msgid "Command to start service"
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
#: src/config/SSSDConfig.py:45
-msgid "Number of times to attempt connection to Data Providers"
+msgid "Command to start service"
msgstr ""
#: src/config/SSSDConfig.py:46
+msgid "Number of times to attempt connection to Data Providers"
+msgstr ""
+
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr ""
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr ""
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr ""
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr ""
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr ""
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr ""
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr ""
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+msgid "objectSID attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
msgstr ""
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -910,95 +968,96 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr ""
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr ""
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
msgstr ""
@@ -1006,35 +1065,43 @@ msgstr ""
msgid "User not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
msgstr ""
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr ""
+
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
msgstr ""
@@ -1406,44 +1473,87 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
#, c-format
msgid "Couldn't invalidate %s"
msgstr ""
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:194
#, c-format
msgid "Couldn't invalidate %s %s"
msgstr ""
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:335
+msgid "Invalidate particular service"
+msgstr ""
+
+#: src/tools/sss_cache.c:337
+msgid "Invalidate all services"
+msgstr ""
+
+#: src/tools/sss_cache.c:340
+msgid "Invalidate particular autofs map"
+msgstr ""
+
+#: src/tools/sss_cache.c:342
+msgid "Invalidate all autofs maps"
+msgstr ""
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
msgstr ""
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
#: src/tools/sss_debuglevel.c:43
msgid "\n"
msgstr ""
@@ -1461,6 +1571,6 @@ msgstr ""
msgid "%s must be run as root\n"
msgstr ""
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/sv.po b/po/sv.po
index 79de63fa0..1a3356580 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -7,8 +7,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
-"PO-Revision-Date: 2012-03-08 11:41+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-04-20 16:09+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Swedish (http://www.transifex.net/projects/p/fedora/language/"
"sv/)\n"
@@ -39,852 +39,911 @@ msgid "Ping timeout before restarting service"
msgstr "Ping-tidsgräns före tjänst startas om"
#: src/config/SSSDConfig.py:44
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
+msgstr ""
+
+#: src/config/SSSDConfig.py:45
msgid "Command to start service"
msgstr "Kommando för att starta tjänst"
-#: src/config/SSSDConfig.py:45
+#: src/config/SSSDConfig.py:46
msgid "Number of times to attempt connection to Data Providers"
msgstr "Antal gånger att försöka ansluta till dataleverantörer"
-#: src/config/SSSDConfig.py:46
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr "SSSD-tjänster att starta"
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr "SSSD-domäner att starta"
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr "Tidsgräns för meddelanden skickade via SBUS"
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr "Reguljäruttryck för att tolka användarnamn och domän"
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Printf-kompatibla format för att visa fullständigt kvalificerade namn"
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr "Tidsgränslängd för uppräkningscache (sekunder)"
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr "Tidsgränslängd för bakgrundsuppdateringar av postcache (sekunder)"
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr "Tidsgränslängd för negativ cache (sekunder)"
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr "Användare som SSSD uttryckligen skall bortse ifrån"
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr "Grupper som SSSD uttryckligen skall bortse ifrån"
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr "Skall filtrerade användare förekomma i grupper"
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr "Värdet på lösenordfältet som NSS-leverantörer skall returnera"
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Hur länge sparade inloggningar tillåts mellan online-inloggningar (dagar)"
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr ""
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr "Identifiera leverantör"
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr "Autentiseringsleverantör"
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr "Leverantör av åtkomstkontroll"
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr "Leverantör av lösenordsändringar"
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr "Minsta användar-ID"
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr "Största användar-ID"
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr "Aktivera uppräkning av alla användare/grupper"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr "Cache-kreditiv för frånkopplad inloggning"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr "Lagra lösenords-kontrollsummor"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr "Visa användare/grupper i fullständigt kvalificerat format"
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr "Tidsgränslängd för postcache (sekunder)"
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr "IPA-domän"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr "IPA-serveradress"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr "IPA-klienvärdnamn"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr "Kerberosserveradress"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr "Kerberosrike"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr "Autentiseringstidsgräns"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr "Katalog att lagra kreditiv-cachar i"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr "Plats för användarens kreditiv-cache"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr "Plats för nyckeltabellen för att validera kreditiv"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr "Aktivera validering av kreditiv"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI:n för LDAP-servern"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr "Standard bas-DN"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Schematypen som används i LDAP-servern, rfc2307"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr "Standard bindnings-DN"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr "Typen på autenticerings-token för standard bindnings-DN"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr "Autenticerings-token för standard bindnings-DN"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr "Tidslängd att försöka ansluta"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Tidslängd att försök synkrona LDAP-operationer"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr "Tidslängd mellan försök att återansluta under frånkoppling"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr "Kräv TLS-certifikatverifiering"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr "Ange sasl-mekanismen att använda"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr "Ange sasl-auktorisering-id att använda"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr "Kerberostjänstens nyckeltabell"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr "Avnänd Kerberosautenticering för LDAP-anslutning"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr "Tidslängd att vänta på en sökbegäran"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr "Tidslängd mellan uppräkningsuppdateringar"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr "Bas-DN för användaruppslagningar"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr "Omfång av användaruppslagningar"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr "Filter för användaruppslagningar"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr "Objektklass för användare"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr "UID-attribut"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr "Primärt GID-attribut"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr "GECOS-attribut"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr "Hemkatalogattribut"
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr "Skalattribut"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr "UUID-attribut"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+#, fuzzy
+msgid "objectSID attribute"
+msgstr "UID-attribut"
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr "Användarens huvudmansattribut (för Kerberos)"
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr "Fullständigt namn"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr "medlemAv-attribut"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr "Modifieringstidsattribut"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr "Policy för att utvärdera utgång av lösenord"
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
msgstr ""
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr "Standardskal, /bin/bash"
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr "Bas för hemkataloger"
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr "Namnet på NSS-biblioteket att använda"
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr "PAM-stack att använda"
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -912,95 +971,96 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr "Lösenorden stämmer inte överens"
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr ""
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr "Nytt lösenord: "
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr "Skriv det nya lösenordet igen: "
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr "Lösenord: "
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr "Felsökningsnivå att köra med"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr "Fel när lokalen sattes\n"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
msgstr ""
@@ -1008,35 +1068,43 @@ msgstr ""
msgid "User not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
msgstr ""
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr ""
+
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
msgstr "Användarens UID"
@@ -1425,44 +1493,87 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr "Transaktionsfel. Det gick inte att ändra användaren.\n"
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
#, c-format
msgid "Couldn't invalidate %s"
msgstr ""
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:194
#, c-format
msgid "Couldn't invalidate %s %s"
msgstr ""
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:335
+msgid "Invalidate particular service"
+msgstr ""
+
+#: src/tools/sss_cache.c:337
+msgid "Invalidate all services"
+msgstr ""
+
+#: src/tools/sss_cache.c:340
+msgid "Invalidate particular autofs map"
+msgstr ""
+
+#: src/tools/sss_cache.c:342
+msgid "Invalidate all autofs maps"
+msgstr ""
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
msgstr ""
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
#: src/tools/sss_debuglevel.c:43
msgid "\n"
msgstr ""
@@ -1480,6 +1591,6 @@ msgstr "Slut på minne\n"
msgid "%s must be run as root\n"
msgstr "%s måste köras som root\n"
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/tg.po b/po/tg.po
index bec5b229a..037ecf3e9 100644
--- a/po/tg.po
+++ b/po/tg.po
@@ -7,8 +7,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
-"PO-Revision-Date: 2012-03-08 11:42+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-04-20 16:09+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Tajik (http://www.transifex.net/projects/p/fedora/language/"
"tg/)\n"
@@ -39,851 +39,910 @@ msgid "Ping timeout before restarting service"
msgstr ""
#: src/config/SSSDConfig.py:44
-msgid "Command to start service"
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
msgstr ""
#: src/config/SSSDConfig.py:45
-msgid "Number of times to attempt connection to Data Providers"
+msgid "Command to start service"
msgstr ""
#: src/config/SSSDConfig.py:46
+msgid "Number of times to attempt connection to Data Providers"
+msgstr ""
+
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr ""
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr ""
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr ""
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr ""
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr ""
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr ""
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr ""
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr ""
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr ""
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr ""
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr ""
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr ""
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr ""
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr ""
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+#, fuzzy
+msgid "objectSID attribute"
+msgstr "Аттрибути GID"
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr "Номи гурӯҳ"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr "Пароли гурӯҳ"
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr "Аттрибути GID"
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
msgstr ""
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr ""
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -911,95 +970,96 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr "Паролҳо номувофиқанд"
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr ""
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr ""
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr "Пароли нав:"
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr "Парол:"
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
msgstr ""
@@ -1007,35 +1067,43 @@ msgstr ""
msgid "User not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
msgstr ""
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr ""
+
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
msgstr ""
@@ -1407,44 +1475,87 @@ msgstr ""
msgid "Transaction error. Could not modify user.\n"
msgstr ""
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
#, c-format
msgid "Couldn't invalidate %s"
msgstr ""
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:194
#, c-format
msgid "Couldn't invalidate %s %s"
msgstr ""
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:335
+msgid "Invalidate particular service"
+msgstr ""
+
+#: src/tools/sss_cache.c:337
+msgid "Invalidate all services"
+msgstr ""
+
+#: src/tools/sss_cache.c:340
+msgid "Invalidate particular autofs map"
+msgstr ""
+
+#: src/tools/sss_cache.c:342
+msgid "Invalidate all autofs maps"
+msgstr ""
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
msgstr ""
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
#: src/tools/sss_debuglevel.c:43
msgid "\n"
msgstr ""
@@ -1462,6 +1573,6 @@ msgstr "Берун аз хотира\n"
msgid "%s must be run as root\n"
msgstr ""
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr ""
diff --git a/po/uk.po b/po/uk.po
index ccf87db5d..f100049cc 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -9,8 +9,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
-"PO-Revision-Date: 2012-03-08 11:41+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-04-20 16:09+0000\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <trans-uk@lists.fedoraproject.org>\n"
"Language: uk\n"
@@ -41,38 +41,43 @@ msgid "Ping timeout before restarting service"
msgstr "Час очікування відповіді на пінг перед перезапуском служби"
#: src/config/SSSDConfig.py:44
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
+msgstr ""
+
+#: src/config/SSSDConfig.py:45
msgid "Command to start service"
msgstr "Команда запуску служби"
-#: src/config/SSSDConfig.py:45
+#: src/config/SSSDConfig.py:46
msgid "Number of times to attempt connection to Data Providers"
msgstr "Кількість повторних спроб встановлення з’єднання з надавачами даних"
-#: src/config/SSSDConfig.py:46
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr "Служби SSSD, які слід запустити"
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr "Домени SSSD, які слід запустити"
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr "Час очікування для повідомлень, надісланих за допомогою SBUS"
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr "Формальний вираз для обробки імені користувача і домену"
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr "Сумісний з printf формат показу повних назв"
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -80,50 +85,58 @@ msgstr ""
"Каталог у файловій системі, де SSSD має зберігати файли кешу відтворення "
"Kerberos."
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr "Тривалість часу очікування на дані кешу нумерування (у секундах)"
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr "Час очікування на фонове оновлення кешу записів (у секундах)"
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr "Від’ємний час очікування на дані з кешу (у секундах)"
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr "Користувачі, яких SSSD має явно ігнорувати"
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr "Групи користувачів, які SSSD має явно ігнорувати"
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr "Чи слід показувати відфільтрованих користувачів у групах"
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr "Значення поля пароля, яке має повертати постачальник даних NSS"
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr ""
"Замінити значення назви домашнього каталогу від надавача профілю цим "
"значенням"
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+#, fuzzy
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+"Замінити значення назви домашнього каталогу від надавача профілю цим "
+"значенням"
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr "Список оболонок, за допомогою яких можуть входити користувачі"
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr "Список оболонок, які буде заборонено і замінено резервною оболонкою"
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
@@ -132,16 +145,20 @@ msgstr ""
"недоступна, використовувати цю резервну"
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
"Тривалість зберігання кешованих реєстраційних даних між входами до системи "
"(у днях)"
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr "Макс. дозволена кількість помилкових спроб входу у автономному режимі"
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
@@ -149,356 +166,360 @@ msgstr ""
"Тривалість (у хвилинах) заборони входу після досягнення значення "
"offline_failed_login_attempts"
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr "Тип повідомлень, які буде показано користувачеві під час розпізнавання"
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
"Тривалість (у секундах) зберігання даних щодо розпізнавання у кеші для "
"запитів PAM"
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
"Визначає кількість днів між днем, коли має бути показано попередження, і "
"днем, коли завершиться строк дії пароля"
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
"Визначає, чи слід обробляти атрибути правил sudo, пов’язані з часовими "
"обмеженнями"
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr ""
"Тривалість зберігання правил sudo у кеші. Щойно сплине цей проміжок часу, "
"запит до служби буде надіслано знову."
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr "Служба профілів"
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr "Служба розпізнавання"
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr "Служба керування доступом"
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr "Служба зміни паролів"
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
msgstr "Служба SUDO"
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
msgstr "Служба автоматизації файлових систем"
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
msgstr "Служба завантаження сеансів"
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
msgstr "Служба профілів вузлів"
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr "Мін. ідентифікатор користувача"
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr "Макс. ідентифікатор користувача"
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr "Увімкнути нумерацію всіх користувачів/груп"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr "Кешувати реєстраційні дані для автономного входу"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr "Зберігати хеші паролів"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr "Показувати записи користувачів/груп повністю"
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr "Тривалість кешування записів (у секундах)"
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
"Обмежити або надавати перевагу певному сімейству адрес під час виконання "
"пошуків DNS"
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
"Тривалість зберігання кешованих записів після останнього успішного входу (у "
"днях)"
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
"Тривалість очікування на відповідь від DNS під час визначення адрес серверів "
"(у секундах)"
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr "Частина запиту щодо виявлення служби DNS, пов’язана з доменом"
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr ""
"Замінити значення ідентифікатора групи від надавача профілю цим значенням"
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
msgstr "Враховувати регістр у іменах користувачів"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr "Домен IPA"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr "Адреса сервера IPA"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr "Назва вузла клієнта IPA"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Визначає, чи слід автоматично оновлювати запис DNS клієнтського вузла у "
"FreeIPA"
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"Інтерфейс, чию адресу IP має бути використано для динамічних оновлень DNS"
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr "Шукати у базі об’єкти, пов’язані з HBAC"
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
"Інтервал часу між послідовними сеансами пошуку правил HBAC на сервері IPA"
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr "Якщо вказано правила DENY, DENY_ALL або IGNORE"
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
"Якщо встановлено значення «false», аргумент вузла, наданий PAM, буде "
"проігноровано"
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr "Адреса автоматичного монтування, яку використовує цей клієнт IPA"
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr "Адреса сервера Kerberos"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr "Область Kerberos"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr "Час очікування на розпізнавання"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr "Каталог, де зберігатиметься кеш реєстраційних даних"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr "Адреса кешу реєстраційних даних користувача"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr "Адреса таблиці ключів для перевірки реєстраційних даних"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr "Увімкнути перевірку реєстраційних даних"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr "Зберігати пароль у автономному режимі для розпізнавання у мережі"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr "Поновлюваний строк дії TGT"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr "Строк дії TGT"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr "Граничний час між двома перевірками для поновлення"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr "Вмикає FAST"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
msgstr "Визначає реєстраційний запис, який слід використовувати для FAST"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
msgstr "Вмикає перетворення реєстраційних записів у канонічну форму"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Сервер, на якому запущено службу зміни паролів, якщо такий не вдасться "
"виявити у KDC"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, адреса URI сервера LDAP"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr "Типова базова назва домену"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Тип схеми, використаний на сервері LDAP, rfc2307"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr "Типова назва домену прив’язки"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr "Тип розпізнавання для типової назви сервера прив’язки"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr "Лексема розпізнавання типової назви сервера прив’язки"
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr "Проміжок часу між спробами встановлення з’єднання"
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Проміжок часу між спробами виконання синхронних операцій LDAP"
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
"Проміжок часу між повторними спробами встановлення з’єднання у автономному "
"режимі"
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr "Використовувати для назв областей лише великі літери"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr "Файл, що містить сертифікати CA"
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr "Шлях до каталогу сертифікатів CA"
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr "Файл, що містить клієнтський сертифікат"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr "Файл, що містить клієнтський ключ"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr "Показати список можливих інструментів шифрування"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr "Потрібна перевірка сертифіката TLS"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr "Вкажіть механізм SASL, який слід використовувати"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr "Вкажіть область уповноваження SASL, яку слід використовувати"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
"Вказати мінімальне значення SSF для розпізнавання на LDAP за допомогою sasl"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr "Таблиця ключів служби Kerberos"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr "Розпізнавання Kerberos для з’єднання LDAP"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr "Переходити за посиланнями LDAP"
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr "Строк дії TGT для з’єднання LDAP"
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr "Спосіб розіменування псевдонімів"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr "Назва служби для пошуків за допомогою служби DNS"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr "Кількість записів, які слід отримувати у відповідь на один запит LDAP"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
"Кількість учасників, яких має не вистачати для вмикання повного скасування "
"посилань"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
@@ -506,430 +527,473 @@ msgstr ""
"Визначає, чи має бібліотека LDAP виконувати зворотній пошук з метою "
"переведення назв вузлів у канонічну форму під час прив’язки до SASL"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr "Атрибут entryUSN"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr "Атрибут lastUSN"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr "Тривалість підтримування з’єднання з сервером LDAP перед роз’єднанням"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
msgstr "Вимкнути контроль сторінок у LDAP"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr "Тривалість очікування на дані запиту пошуку"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr "Тривалість очікування на дані запиту щодо переліку"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr "Проміжок часу між оновленнями нумерації"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr "Проміжок часу між спорожненнями кешу"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr "Вимагати TLS для пошуків ідентифікаторів"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr "Базова назва домену для пошуків користувачів"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr "Діапазон пошуків користувачів"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr "Фільтр пошуку користувачів"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr "Клас об’єктів для користувачів"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr "Атрибут імені користувача"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr "Атрибут UID"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr "Головний атрибут GID"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr "Атрибут GECOS"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr "Атрибут домашнього каталогу"
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr "Атрибут оболонки"
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr "Атрибут UUID"
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+#, fuzzy
+msgid "objectSID attribute"
+msgstr "Атрибут UID"
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr "Атрибут реєстраційного запису користувача (для Kerberos)"
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr "Повне ім'я"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr "Атрибут memberOf"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr "Атрибут часу зміни"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr "Атрибут shadowLastChange"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr "Атрибут shadowMin"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr "Атрибут shadowMax"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr "Атрибут shadowWarning"
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr "Атрибут shadowInactive"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr "Атрибут shadowExpire"
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr "Атрибут shadowFlag"
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr "Атрибути зі списком уповноважених служб PAM"
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr "Атрибути зі списком уповноважених серверних вузлів"
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr "Атрибут krbLastPwdChange"
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr "Атрибут krbPasswordExpiration"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr ""
"Атрибут, що відповідає за активізацію правил обробки паролів на боці сервера"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr "Атрибут accountExpires AD"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr "Атрибут userAccountControl AD"
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr "Атрибут nsAccountLock"
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr "Атрибут loginDisabled NDS"
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr "Атрибут loginExpirationTime NDS"
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr "Атрибут loginAllowedTimeMap NDS"
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
msgstr "Атрибут відкритого ключа SSH"
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr "Базова назва домену для пошуків груп"
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr "Клас об’єктів для груп"
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr "Назва групи"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr "Пароль групи"
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr "Атрибут GID"
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr "Атрибут членства у групі"
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr "Атрибут UUID групи"
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr "Атрибут часу зміни для груп"
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr "Максимальний рівень вкладеності, який використовуватиме SSSD"
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr "Базова назва домену для пошуків груп у мережі"
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr "Клас об’єктів для груп у мережі"
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr "Назва мережевої групи"
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr "Атрибут членства у групах у мережі"
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr "Атрибут трійки груп у мережі"
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr "Атрибут UUID груп у мережі"
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr "Атрибут часу зміни для мережевих груп"
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
msgstr "Базова сервер назв домену для пошуку служб"
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
msgstr "Клас об’єктів для служб"
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
msgstr "Атрибут назви служби"
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
msgstr "Атрибут порту служби"
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
msgstr "Атрибут протоколу служби"
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr "Правила оцінки завершення строку дії пароля"
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr "Фільтр LDAP для визначення прав доступу"
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
"Атрибути які слід використовувати для визначення чинності облікового запису"
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr ""
"Правила, які має бути використано для визначення достатності прав доступу"
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr "Адреса на сервері LDAP, для якої можливі зміни паролів"
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr "Назва у службі DNS сервера зміни паролів LDAP"
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
msgstr "Базова назва домену для пошуків правил sudo"
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
msgstr "Увімкнути періодичні оновлення всіх правил sudo"
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
msgstr "Проміжок часу між оновленнями правил"
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
msgstr "Клас об’єктів для правил sudo"
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
msgstr "Назва правила sudo"
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
msgstr "Атрибут команди правила sudo"
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
msgstr "Атрибут вузла правила sudo"
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
msgstr "Атрибут користувача правила sudo"
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
msgstr "Атрибут параметрів правила sudo"
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
msgstr ""
"Атрибут користувача, від імені якого виконуватиметься запуск, правила sudo"
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
msgstr "Атрибут групи, від імені якої виконуватиметься запуск, правила sudo"
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
msgstr "Атрибут граничного часу початку дії правила sudo"
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
msgstr "Атрибут граничного часу завершення дії правила sudo"
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
msgstr "Атрибут порядку правила sudo"
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
msgstr "Клас об’єктів для карт автоматичного монтування"
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
msgstr "Атрибут назви карти автоматичного монтування"
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
msgstr "Клас об’єктів для записів карт автоматичного монтування"
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
msgstr "Атрибут ключа запису карти автоматичного монтування"
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
msgstr "Атрибут значення запису карти автоматичного монтування"
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
msgstr "Базовий сервер назв домену для пошуків карти автоматичного монтування"
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr "Відокремлений комами список дозволених користувачів"
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr "Відокремлений комами список заборонених користувачів"
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr "Типова оболонка, /bin/bash"
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr "Базова адреса домашніх каталогів"
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr "Назва бібліотеки NSS, яку слід використовувати"
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+"Визначає, чи слід виконувати пошук канонічної назви групи у кеші, якщо це "
+"можливо"
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr "Стек PAM, який слід використовувати"
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr "Запуститися фонову службу (типова поведінка)"
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr "Запустити у інтерактивному режимі (без фонової служби)"
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr "Вказати нетиповий файл налаштувань"
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
msgstr "Вивести номер версії і завершити роботу"
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr "Рівень зневаджування"
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr "Додавати діагностичні часові позначки"
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
msgstr "Показувати мікросекунди у часових позначках"
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr "Дескриптор відкритого файла для запису журналів діагностики"
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr "Домен надання відомостей (обов’язковий)"
@@ -957,95 +1021,96 @@ msgstr "Сталася помилка, але не вдалося знайти
msgid "Unexpected error while looking for an error description"
msgstr "Неочікувана помилка під час пошуку опису помилки"
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr "Паролі не збігаються"
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr "Підтримки скидання пароля користувачем root не передбачено."
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr "Розпізнано за реєстраційними даними з кешу"
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr ", строк дії вашого кешованого пароля завершиться: "
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr "Строк дії вашого пароля вичерпано. Залишилося %d резервних входи."
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr "Строк дії вашого пароля завершиться за %d %s."
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr "Розпізнавання заборонено до: "
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "Система працює у автономному режимі, зміна пароля неможлива"
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Спроба зміни пароля зазнала невдачі. "
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Повідомлення сервера: "
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr "Новий пароль: "
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr "Ще раз введіть новий пароль: "
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr "Пароль: "
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr "Поточний пароль: "
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr "Строк дії пароля вичерпано. Змініть ваш пароль."
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr "Рівень діагностики під час запуску"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
msgstr "Домен SSSD, який слід використовувати"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr "Помилка під час спроби встановити локаль\n"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
msgstr "Недостатньо пам’яті\n"
@@ -1053,35 +1118,43 @@ msgstr "Недостатньо пам’яті\n"
msgid "User not specified\n"
msgstr "Не вказано користувача\n"
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
msgstr "Помилка під час спроби пошуку відкритих ключів\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
msgstr "Не вдалося відкрити сокет\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
msgstr "Не вдалося встановити з’єднання з сервером\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
msgstr "Не вдалося виконати команду проксі-сервера\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
msgstr "Порт, яким слід користуватися для встановлення з’єднань з вузлом"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
msgstr "Не вказано вузол\n"
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
msgstr "Має бути вказано абсолютний шлях до команди проксі-сервера\n"
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr "Не вдалося визначити назву вузла\n"
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr "Спроба зворотного пошуку зазнала невдачі\n"
+
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
msgstr "Ідентифікатор користувача"
@@ -1487,44 +1560,91 @@ msgid "Transaction error. Could not modify user.\n"
msgstr ""
"Помилка під час виконання операції. Не вдалося змінити запис користувача.\n"
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
#, c-format
msgid "Couldn't invalidate %s"
msgstr "Не вдалося скасувати визначення %s"
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:194
#, c-format
msgid "Couldn't invalidate %s %s"
msgstr "Не вдалося скасувати визначення %s %s"
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
msgstr "Скасувати визначення певного користувача"
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
msgstr "Скасувати визначення всіх користувачів"
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
msgstr "Скасувати визначення певної групи"
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
msgstr "Скасувати визначення всіх груп"
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
msgstr "Скасувати визначення певної мережевої групи"
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
msgstr "Скасувати визначення всіх мережевих груп"
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:335
+#, fuzzy
+msgid "Invalidate particular service"
+msgstr "Скасувати визначення певного користувача"
+
+#: src/tools/sss_cache.c:337
+#, fuzzy
+msgid "Invalidate all services"
+msgstr "Скасувати визначення всіх користувачів"
+
+#: src/tools/sss_cache.c:340
+#, fuzzy
+msgid "Invalidate particular autofs map"
+msgstr "Скасувати визначення певного користувача"
+
+#: src/tools/sss_cache.c:342
+#, fuzzy
+msgid "Invalidate all autofs maps"
+msgstr "Скасувати визначення всіх користувачів"
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
msgstr "Скасувати визначення лише записів з певного домену"
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
#: src/tools/sss_debuglevel.c:43
msgid "\n"
msgstr "\n"
@@ -1542,6 +1662,6 @@ msgstr "Не вистачає пам'яті\n"
msgid "%s must be run as root\n"
msgstr "%s слід виконувати від імені користувача root\n"
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr "Надіслати діагностичні дані до файлів, а не до stderr"
diff --git a/po/zh_TW.po b/po/zh_TW.po
index d5c0a55bf..7c253a4a4 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -7,8 +7,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-03-12 16:37-0400\n"
-"PO-Revision-Date: 2012-03-08 11:41+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0400\n"
+"PO-Revision-Date: 2012-04-20 16:09+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Chinese (Taiwan) <trans-zh_TW@lists.fedoraproject.org>\n"
"Language: zh_TW\n"
@@ -38,851 +38,909 @@ msgid "Ping timeout before restarting service"
msgstr ""
#: src/config/SSSDConfig.py:44
+msgid ""
+"Timeout between three failed ping checks and forcibly killing the service"
+msgstr ""
+
+#: src/config/SSSDConfig.py:45
msgid "Command to start service"
msgstr "啟動服務的指令"
-#: src/config/SSSDConfig.py:45
+#: src/config/SSSDConfig.py:46
msgid "Number of times to attempt connection to Data Providers"
msgstr ""
-#: src/config/SSSDConfig.py:46
+#: src/config/SSSDConfig.py:47
msgid "The number of file descriptors that may be opened by this responder"
msgstr ""
-#: src/config/SSSDConfig.py:49
+#: src/config/SSSDConfig.py:50
msgid "SSSD Services to start"
msgstr "要啟動的 SSSD 服務"
-#: src/config/SSSDConfig.py:50
+#: src/config/SSSDConfig.py:51
msgid "SSSD Domains to start"
msgstr "要啟動的 SSSD 網域"
-#: src/config/SSSDConfig.py:51
+#: src/config/SSSDConfig.py:52
msgid "Timeout for messages sent over the SBUS"
msgstr ""
-#: src/config/SSSDConfig.py:52
+#: src/config/SSSDConfig.py:53
msgid "Regex to parse username and domain"
msgstr "用來解析使用者名稱與網域的正規表示式"
-#: src/config/SSSDConfig.py:53
+#: src/config/SSSDConfig.py:54
msgid "Printf-compatible format for displaying fully-qualified names"
msgstr ""
-#: src/config/SSSDConfig.py:54
+#: src/config/SSSDConfig.py:55
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
-#: src/config/SSSDConfig.py:57
+#: src/config/SSSDConfig.py:58
msgid "Enumeration cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:58
+#: src/config/SSSDConfig.py:59
msgid "Entry cache background update timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:59 src/config/SSSDConfig.py:82
+#: src/config/SSSDConfig.py:60 src/config/SSSDConfig.py:85
msgid "Negative cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:60
+#: src/config/SSSDConfig.py:61
msgid "Users that SSSD should explicitly ignore"
msgstr "SSSD 應該明確忽略的使用者"
-#: src/config/SSSDConfig.py:61
+#: src/config/SSSDConfig.py:62
msgid "Groups that SSSD should explicitly ignore"
msgstr "SSSD 應該明確忽略的群組"
-#: src/config/SSSDConfig.py:62
+#: src/config/SSSDConfig.py:63
msgid "Should filtered users appear in groups"
msgstr "過濾的使用者是否應該顯現在群組內"
-#: src/config/SSSDConfig.py:63
+#: src/config/SSSDConfig.py:64
msgid "The value of the password field the NSS provider should return"
msgstr ""
-#: src/config/SSSDConfig.py:64
+#: src/config/SSSDConfig.py:65
msgid "Override homedir value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:65
+#: src/config/SSSDConfig.py:66
+msgid ""
+"Substitute empty homedir value from the identity provider with this value"
+msgstr ""
+
+#: src/config/SSSDConfig.py:67
msgid "The list of shells users are allowed to log in with"
msgstr ""
-#: src/config/SSSDConfig.py:66
+#: src/config/SSSDConfig.py:68
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig.py:67
+#: src/config/SSSDConfig.py:69
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
#: src/config/SSSDConfig.py:70
+msgid "Shell to use if the provider does not list one"
+msgstr ""
+
+#: src/config/SSSDConfig.py:73
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig.py:71
+#: src/config/SSSDConfig.py:74
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig.py:72
+#: src/config/SSSDConfig.py:75
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig.py:73
+#: src/config/SSSDConfig.py:76
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig.py:74
+#: src/config/SSSDConfig.py:77
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig.py:75
+#: src/config/SSSDConfig.py:78
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig.py:78
+#: src/config/SSSDConfig.py:81
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:79
+#: src/config/SSSDConfig.py:82
msgid ""
"How many seconds to keep sudorules cached before asking the provider again"
msgstr ""
-#: src/config/SSSDConfig.py:85
+#: src/config/SSSDConfig.py:88
+msgid "Whether to hash host names and adresses in the known_hosts file"
+msgstr ""
+
+#: src/config/SSSDConfig.py:91
msgid "Identity provider"
msgstr "身分提供者"
-#: src/config/SSSDConfig.py:86
+#: src/config/SSSDConfig.py:92
msgid "Authentication provider"
msgstr "認證提供者"
-#: src/config/SSSDConfig.py:87
+#: src/config/SSSDConfig.py:93
msgid "Access control provider"
msgstr "存取控制提供者"
-#: src/config/SSSDConfig.py:88
+#: src/config/SSSDConfig.py:94
msgid "Password change provider"
msgstr "密碼變更提供者"
-#: src/config/SSSDConfig.py:89
+#: src/config/SSSDConfig.py:95
msgid "SUDO provider"
msgstr ""
-#: src/config/SSSDConfig.py:90
+#: src/config/SSSDConfig.py:96
msgid "Autofs provider"
msgstr ""
-#: src/config/SSSDConfig.py:91
+#: src/config/SSSDConfig.py:97
msgid "Session-loading provider"
msgstr ""
-#: src/config/SSSDConfig.py:92
+#: src/config/SSSDConfig.py:98
msgid "Host identity provider"
msgstr ""
-#: src/config/SSSDConfig.py:95
+#: src/config/SSSDConfig.py:101
msgid "Minimum user ID"
msgstr "最小的使用者 ID"
-#: src/config/SSSDConfig.py:96
+#: src/config/SSSDConfig.py:102
msgid "Maximum user ID"
msgstr "最大的使用者 ID"
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:103
msgid "Enable enumerating all users/groups"
msgstr "啟用所有使用者或群組的列舉"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:104
msgid "Cache credentials for offline login"
msgstr "供離線登入使用的快取憑證"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:105
msgid "Store password hashes"
msgstr ""
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:106
msgid "Display users/groups in fully-qualified form"
msgstr ""
-#: src/config/SSSDConfig.py:101 src/config/SSSDConfig.py:108
-#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
-#: src/config/SSSDConfig.py:111 src/config/SSSDConfig.py:112
+#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:115 src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:117 src/config/SSSDConfig.py:118
msgid "Entry cache timeout length (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:108
msgid ""
"Restrict or prefer a specific address family when performing DNS lookups"
msgstr ""
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:109
msgid "How long to keep cached entries after last successful login (days)"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:110
msgid "How long to wait for replies from DNS when resolving servers (seconds)"
msgstr ""
-#: src/config/SSSDConfig.py:105
+#: src/config/SSSDConfig.py:111
msgid "The domain part of service discovery DNS query"
msgstr ""
-#: src/config/SSSDConfig.py:106
+#: src/config/SSSDConfig.py:112
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:107
+#: src/config/SSSDConfig.py:113
msgid "Treat usernames as case sensitive"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:121
msgid "IPA domain"
msgstr "IPA 網域"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:122
msgid "IPA server address"
msgstr "IPA 伺服器位址"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:123
msgid "IPA client hostname"
msgstr "IPA 客戶端主機名稱"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:124
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:125
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:126
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:127
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:128
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:129
msgid "If set to false, host argument given by PAM will be ignored"
msgstr ""
-#: src/config/SSSDConfig.py:124
+#: src/config/SSSDConfig.py:130
msgid "The automounter location this IPA client is using"
msgstr ""
-#: src/config/SSSDConfig.py:127 src/config/SSSDConfig.py:128
+#: src/config/SSSDConfig.py:133 src/config/SSSDConfig.py:134
msgid "Kerberos server address"
msgstr "Kerberos 伺服器位址"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:135
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:136
msgid "Authentication timeout"
msgstr "認證逾時"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:139
msgid "Directory to store credential caches"
msgstr "儲存憑證快取的目錄"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:140
msgid "Location of the user's credential cache"
msgstr "使用者憑證快取的位置"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:141
msgid "Location of the keytab to validate credentials"
msgstr "驗證憑證用的金鑰表格位置"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:142
msgid "Enable credential validation"
msgstr "啟用憑證驗證"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:143
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:144
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:145
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:146
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:147
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:148
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:149
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:152
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:155
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:156
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:157
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:158
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:159
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:160
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:161
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:162
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:157
+#: src/config/SSSDConfig.py:163
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:164
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:165
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:160
+#: src/config/SSSDConfig.py:166
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:161
+#: src/config/SSSDConfig.py:167
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:168
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:169
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:170
msgid "Require TLS certificate verification"
msgstr "需要 TLS 憑證驗證"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:171
msgid "Specify the sasl mechanism to use"
msgstr "指定要使用的 sasl 機制"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:172
msgid "Specify the sasl authorization id to use"
msgstr "指定要使用的 sasl 認證 id"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:173
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:174
msgid "Specify the minimal SSF for LDAP sasl authorization"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:175
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:176
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:177
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:172
+#: src/config/SSSDConfig.py:178
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:179
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:180
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:181
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:182
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:183
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:185
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:186
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:188
msgid "How long to retain a connection to the LDAP server before disconnecting"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:190
msgid "Disable the LDAP paging control"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:193
msgid "Length of time to wait for a search request"
msgstr "搜尋請求的等候時間長度"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:194
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:195
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:196
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:197
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:198
+msgid "Use ID-mapping of objectSID instead of pre-set IDs"
+msgstr ""
+
+#: src/config/SSSDConfig.py:199
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:200
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:201
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:202
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:203
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:205
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:206
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:207
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:208
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:202
+#: src/config/SSSDConfig.py:209
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:210
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:204
+#: src/config/SSSDConfig.py:211 src/config/SSSDConfig.py:247
+msgid "objectSID attribute"
+msgstr ""
+
+#: src/config/SSSDConfig.py:212
+msgid "Active Directory primary group attribute for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:213
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:205
+#: src/config/SSSDConfig.py:214
msgid "Full Name"
msgstr "全名"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:215
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:216
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:218
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:219
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:220
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:221
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:213
+#: src/config/SSSDConfig.py:222
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:223
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:215
+#: src/config/SSSDConfig.py:224
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:225
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:226
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:227
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:228
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:229
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:230
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:231
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:223
+#: src/config/SSSDConfig.py:232
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:224
+#: src/config/SSSDConfig.py:233
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:234
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:226
+#: src/config/SSSDConfig.py:235
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:227
+#: src/config/SSSDConfig.py:236
msgid "SSH public key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:238
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:232
+#: src/config/SSSDConfig.py:241
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:242
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:243
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:235
+#: src/config/SSSDConfig.py:244
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:236
+#: src/config/SSSDConfig.py:245
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:246
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:248
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:240
+#: src/config/SSSDConfig.py:250
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:252
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:243
+#: src/config/SSSDConfig.py:253
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:244
+#: src/config/SSSDConfig.py:254
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:255
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:246
+#: src/config/SSSDConfig.py:256
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:247
+#: src/config/SSSDConfig.py:257
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:258
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:250
+#: src/config/SSSDConfig.py:260
msgid "Base DN for service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:251
+#: src/config/SSSDConfig.py:261
msgid "Objectclass for services"
msgstr ""
-#: src/config/SSSDConfig.py:252
+#: src/config/SSSDConfig.py:262
msgid "Service name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:253
+#: src/config/SSSDConfig.py:263
msgid "Service port attribute"
msgstr ""
-#: src/config/SSSDConfig.py:254
+#: src/config/SSSDConfig.py:264
msgid "Service protocol attribute"
msgstr ""
-#: src/config/SSSDConfig.py:258
+#: src/config/SSSDConfig.py:267
+msgid "Lower bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:268
+msgid "Upper bound for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:269
+msgid "Number of IDs for each slice when ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:270
+msgid "Use autorid-compatible algorithm for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:271
+msgid "Name of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:272
+msgid "SID of the default domain for ID-mapping"
+msgstr ""
+
+#: src/config/SSSDConfig.py:275
msgid "Policy to evaluate the password expiration"
msgstr "評估密碼過期時效的策略"
-#: src/config/SSSDConfig.py:261
+#: src/config/SSSDConfig.py:278
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:262
+#: src/config/SSSDConfig.py:279
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:263
+#: src/config/SSSDConfig.py:280
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:266
+#: src/config/SSSDConfig.py:283
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:267
+#: src/config/SSSDConfig.py:284
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:270
+#: src/config/SSSDConfig.py:287
msgid "Base DN for sudo rules lookups"
msgstr ""
-#: src/config/SSSDConfig.py:271
+#: src/config/SSSDConfig.py:288
msgid "Enable periodical update of all sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:272
+#: src/config/SSSDConfig.py:289
msgid "Length of time between rules updates"
msgstr ""
-#: src/config/SSSDConfig.py:273
+#: src/config/SSSDConfig.py:290
msgid "Object class for sudo rules"
msgstr ""
-#: src/config/SSSDConfig.py:274
+#: src/config/SSSDConfig.py:291
msgid "Sudo rule name"
msgstr ""
-#: src/config/SSSDConfig.py:275
+#: src/config/SSSDConfig.py:292
msgid "Sudo rule command attribute"
msgstr ""
-#: src/config/SSSDConfig.py:276
+#: src/config/SSSDConfig.py:293
msgid "Sudo rule host attribute"
msgstr ""
-#: src/config/SSSDConfig.py:277
+#: src/config/SSSDConfig.py:294
msgid "Sudo rule user attribute"
msgstr ""
-#: src/config/SSSDConfig.py:278
+#: src/config/SSSDConfig.py:295
msgid "Sudo rule option attribute"
msgstr ""
-#: src/config/SSSDConfig.py:279
+#: src/config/SSSDConfig.py:296
msgid "Sudo rule runasuser attribute"
msgstr ""
-#: src/config/SSSDConfig.py:280
+#: src/config/SSSDConfig.py:297
msgid "Sudo rule runasgroup attribute"
msgstr ""
-#: src/config/SSSDConfig.py:281
+#: src/config/SSSDConfig.py:298
msgid "Sudo rule notbefore attribute"
msgstr ""
-#: src/config/SSSDConfig.py:282
+#: src/config/SSSDConfig.py:299
msgid "Sudo rule notafter attribute"
msgstr ""
-#: src/config/SSSDConfig.py:283
+#: src/config/SSSDConfig.py:300
msgid "Sudo rule order attribute"
msgstr ""
-#: src/config/SSSDConfig.py:286
+#: src/config/SSSDConfig.py:303
msgid "Object class for automounter maps"
msgstr ""
-#: src/config/SSSDConfig.py:287
+#: src/config/SSSDConfig.py:304
msgid "Automounter map name attribute"
msgstr ""
-#: src/config/SSSDConfig.py:288
+#: src/config/SSSDConfig.py:305
msgid "Object class for automounter map entries"
msgstr ""
-#: src/config/SSSDConfig.py:289
+#: src/config/SSSDConfig.py:306
msgid "Automounter map entry key attribute"
msgstr ""
-#: src/config/SSSDConfig.py:290
+#: src/config/SSSDConfig.py:307
msgid "Automounter map entry value attribute"
msgstr ""
-#: src/config/SSSDConfig.py:291
+#: src/config/SSSDConfig.py:308
msgid "Base DN for automounter map lookups"
msgstr ""
-#: src/config/SSSDConfig.py:294
+#: src/config/SSSDConfig.py:311
msgid "Comma separated list of allowed users"
msgstr "許可的使用者清單,請使用半形逗號作為分隔"
-#: src/config/SSSDConfig.py:295
+#: src/config/SSSDConfig.py:312
msgid "Comma separated list of prohibited users"
msgstr "被禁止的使用者清單,請使用半形逗號作為分隔"
-#: src/config/SSSDConfig.py:298
+#: src/config/SSSDConfig.py:315
msgid "Default shell, /bin/bash"
msgstr "預設 shell,/bin/bash"
-#: src/config/SSSDConfig.py:299
+#: src/config/SSSDConfig.py:316
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:302
+#: src/config/SSSDConfig.py:319
msgid "The name of the NSS library to use"
msgstr "要使用的 NSS 函式庫名稱"
-#: src/config/SSSDConfig.py:305
+#: src/config/SSSDConfig.py:320
+msgid "Whether to look up canonical group name from cache if possible"
+msgstr ""
+
+#: src/config/SSSDConfig.py:323
msgid "PAM stack to use"
msgstr "要使用的 PAM 堆疊"
-#: src/monitor/monitor.c:2379
+#: src/monitor/monitor.c:2398
msgid "Become a daemon (default)"
msgstr "作為幕後程式 (預設)"
-#: src/monitor/monitor.c:2381
+#: src/monitor/monitor.c:2400
msgid "Run interactive (not a daemon)"
msgstr "以互動方式執行 (非幕後程式)"
-#: src/monitor/monitor.c:2383 src/tools/sss_debuglevel.c:77
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
msgid "Specify a non-default config file"
msgstr "指定非預設的配置檔"
-#: src/monitor/monitor.c:2385
+#: src/monitor/monitor.c:2404
msgid "Print version number and exit"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:381
-#: src/util/util.h:89
+#: src/providers/krb5/krb5_child.c:1606 src/providers/ldap/ldap_child.c:402
+#: src/util/util.h:91
msgid "Debug level"
msgstr "除錯層級"
-#: src/providers/krb5/krb5_child.c:1577 src/providers/ldap/ldap_child.c:383
-#: src/util/util.h:93
+#: src/providers/krb5/krb5_child.c:1608 src/providers/ldap/ldap_child.c:404
+#: src/util/util.h:95
msgid "Add debug timestamps"
msgstr "加入除錯時間戳記"
-#: src/providers/krb5/krb5_child.c:1579 src/providers/ldap/ldap_child.c:385
-#: src/util/util.h:95
+#: src/providers/krb5/krb5_child.c:1610 src/providers/ldap/ldap_child.c:406
+#: src/util/util.h:97
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1581 src/providers/ldap/ldap_child.c:387
+#: src/providers/krb5/krb5_child.c:1612 src/providers/ldap/ldap_child.c:408
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:2016
+#: src/providers/data_provider_be.c:2217
msgid "Domain of the information provider (mandatory)"
msgstr ""
@@ -910,95 +968,96 @@ msgstr ""
msgid "Unexpected error while looking for an error description"
msgstr ""
-#: src/sss_client/pam_sss.c:378
+#: src/sss_client/pam_sss.c:379
msgid "Passwords do not match"
msgstr "密碼不相符"
-#: src/sss_client/pam_sss.c:571
+#: src/sss_client/pam_sss.c:567
msgid "Password reset by root is not supported."
msgstr ""
-#: src/sss_client/pam_sss.c:612
+#: src/sss_client/pam_sss.c:608
msgid "Authenticated with cached credentials"
msgstr ""
-#: src/sss_client/pam_sss.c:613
+#: src/sss_client/pam_sss.c:609
msgid ", your cached password will expire at: "
msgstr ",您快取的密碼將在此刻過期:"
-#: src/sss_client/pam_sss.c:643
+#: src/sss_client/pam_sss.c:639
#, c-format
msgid "Your password has expired. You have %d grace login(s) remaining."
msgstr ""
-#: src/sss_client/pam_sss.c:689
+#: src/sss_client/pam_sss.c:685
#, c-format
msgid "Your password will expire in %d %s."
msgstr ""
-#: src/sss_client/pam_sss.c:738
+#: src/sss_client/pam_sss.c:734
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:759
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "系統已離線,不可能作密碼變更"
-#: src/sss_client/pam_sss.c:789 src/sss_client/pam_sss.c:802
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "密碼變更失敗。"
-#: src/sss_client/pam_sss.c:792 src/sss_client/pam_sss.c:803
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "伺服器訊息:"
-#: src/sss_client/pam_sss.c:1286
+#: src/sss_client/pam_sss.c:1288
msgid "New Password: "
msgstr "新密碼:"
-#: src/sss_client/pam_sss.c:1287
+#: src/sss_client/pam_sss.c:1289
msgid "Reenter new Password: "
msgstr "再次輸入新密碼:"
-#: src/sss_client/pam_sss.c:1373
+#: src/sss_client/pam_sss.c:1375
msgid "Password: "
msgstr "密碼:"
-#: src/sss_client/pam_sss.c:1405
+#: src/sss_client/pam_sss.c:1407
msgid "Current Password: "
msgstr "目前的密碼:"
-#: src/sss_client/pam_sss.c:1552
+#: src/sss_client/pam_sss.c:1554
msgid "Password expired. Change your password now."
msgstr "密碼已過期。請立刻變更您的密碼。"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:211 src/tools/sss_useradd.c:48
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195 src/tools/sss_useradd.c:48
#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:615
#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
-#: src/tools/sss_cache.c:254 src/tools/sss_debuglevel.c:75
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
msgid "The debug level to run with"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:215
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:199
msgid "The SSSD domain to use"
msgstr ""
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:229 src/tools/sss_useradd.c:71
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:216 src/tools/sss_useradd.c:71
#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:626
#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
-#: src/tools/sss_cache.c:275
+#: src/tools/sss_cache.c:352
msgid "Error setting the locale\n"
msgstr "設定區域設置時發生錯誤\n"
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:236
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:269
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:223
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:283
msgid "Not enough memory\n"
msgstr ""
@@ -1006,35 +1065,43 @@ msgstr ""
msgid "User not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:104
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:282
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:297
msgid "Error looking up public keys\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:94
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:76
msgid "Failed to open a socket\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:104
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:86
msgid "Failed to connect to the server\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:195
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:179
msgid "Failed to execute proxy command\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:213
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:197
msgid "The port to use to connect to the host"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:255
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:242
msgid "Host not specified\n"
msgstr ""
-#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:261
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:248
msgid "The path to the proxy command must be absolute\n"
msgstr ""
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:263
+msgid "Host name cannot be resolved\n"
+msgstr ""
+
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:274
+msgid "Reverse lookup failed\n"
+msgstr ""
+
#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
msgid "The UID of the user"
msgstr "使用者的 UID"
@@ -1406,44 +1473,87 @@ msgstr "無法修改使用者 - 使用者是否已經是群組的成員?\n"
msgid "Transaction error. Could not modify user.\n"
msgstr "處理事項發生錯誤。無法修改使用者。\n"
-#: src/tools/sss_cache.c:132
+#: src/tools/sss_cache.c:138
+msgid "No cache object matched the specified search\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:172
+#, c-format
+msgid "No such %s named %s, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:175
+#, c-format
+msgid "No objects of type %s in the cache, skipping\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:187
#, c-format
msgid "Couldn't invalidate %s"
msgstr ""
-#: src/tools/sss_cache.c:138
+#: src/tools/sss_cache.c:194
#, c-format
msgid "Couldn't invalidate %s %s"
msgstr ""
-#: src/tools/sss_cache.c:256
+#: src/tools/sss_cache.c:323
msgid "Invalidate particular user"
msgstr ""
-#: src/tools/sss_cache.c:258
+#: src/tools/sss_cache.c:325
msgid "Invalidate all users"
msgstr ""
-#: src/tools/sss_cache.c:260
+#: src/tools/sss_cache.c:327
msgid "Invalidate particular group"
msgstr ""
-#: src/tools/sss_cache.c:262
+#: src/tools/sss_cache.c:329
msgid "Invalidate all groups"
msgstr ""
-#: src/tools/sss_cache.c:264
+#: src/tools/sss_cache.c:331
msgid "Invalidate particular netgroup"
msgstr ""
-#: src/tools/sss_cache.c:266
+#: src/tools/sss_cache.c:333
msgid "Invalidate all netgroups"
msgstr ""
-#: src/tools/sss_cache.c:268
+#: src/tools/sss_cache.c:335
+msgid "Invalidate particular service"
+msgstr ""
+
+#: src/tools/sss_cache.c:337
+msgid "Invalidate all services"
+msgstr ""
+
+#: src/tools/sss_cache.c:340
+msgid "Invalidate particular autofs map"
+msgstr ""
+
+#: src/tools/sss_cache.c:342
+msgid "Invalidate all autofs maps"
+msgstr ""
+
+#: src/tools/sss_cache.c:345
msgid "Only invalidate entries from a particular domain"
msgstr ""
+#: src/tools/sss_cache.c:384
+msgid "Please select at least one object to invalidate\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %s\n"
+msgstr ""
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr ""
+
#: src/tools/sss_debuglevel.c:43
msgid "\n"
msgstr ""
@@ -1461,6 +1571,6 @@ msgstr "記憶體耗盡\n"
msgid "%s must be run as root\n"
msgstr "%s 必須以 root 身分執行\n"
-#: src/util/util.h:91
+#: src/util/util.h:93
msgid "Send the debug output to files instead of stderr"
msgstr "傳送除錯輸出到檔案而不是標準輸出"
diff --git a/src/man/po/cs.po b/src/man/po/cs.po
index 667902a49..086a85bb5 100644
--- a/src/man/po/cs.po
+++ b/src/man/po/cs.po
@@ -8,8 +8,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-08 11:52+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Czech (http://www.transifex.net/projects/p/fedora/language/"
"cs/)\n"
@@ -114,18 +114,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "VIZ TAKÉ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -224,7 +224,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr ""
@@ -254,33 +254,35 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -289,19 +291,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -309,7 +311,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -317,19 +319,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -337,17 +339,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -356,7 +358,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -364,45 +366,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+msgid "force_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -415,12 +438,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -429,128 +452,128 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "fd_limit"
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:278
msgid ""
-"This option specifies the maximum number of file descriptors that may be "
-"opened at one time by this SSSD process. On systems where SSSD is granted "
-"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
-"systems without this capability, the resulting value will be the lower value "
-"of this or the limits.conf \"hard\" limit."
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
-msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
+#: sssd.conf.5.xml:301
+msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
+#: sssd.conf.5.xml:304
msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
+#: sssd.conf.5.xml:313
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -558,7 +581,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -568,7 +591,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -577,17 +600,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -595,17 +618,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -614,78 +637,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -693,138 +716,192 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+msgid "fallback_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+msgid "default_shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+msgid "get_domains_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -832,59 +909,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -892,7 +969,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -901,45 +978,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -947,7 +1038,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -956,71 +1047,93 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+msgid "SSH configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+msgid "These options can be used to configure the SSH service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1029,56 +1142,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1088,14 +1184,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1104,98 +1200,98 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1204,47 +1300,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+msgid "pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1253,19 +1375,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1273,7 +1395,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1281,30 +1403,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1312,17 +1434,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1331,24 +1455,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1356,7 +1480,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1364,7 +1488,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1372,35 +1496,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1408,29 +1532,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1438,66 +1562,153 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+msgid "subdomains_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1505,51 +1716,83 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+msgid "subdomain_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1557,29 +1800,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1587,19 +1830,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1607,73 +1850,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1681,17 +1924,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1700,17 +1943,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1718,17 +1961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1736,18 +1979,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1777,7 +2020,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1786,7 +2029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1985,216 +2228,234 @@ msgstr ""
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+msgid "ldap_user_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2203,17 +2464,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2222,17 +2483,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2241,17 +2502,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2260,17 +2521,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2279,17 +2540,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2298,17 +2559,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2316,158 +2577,158 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2476,29 +2737,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2506,54 +2767,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2561,24 +2822,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -2586,89 +2847,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+msgid "ldap_group_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -2676,198 +2949,198 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2875,7 +3148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2883,35 +3156,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2922,12 +3190,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2935,12 +3203,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -2949,34 +3217,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -2984,27 +3252,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3012,13 +3303,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3027,7 +3318,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3035,26 +3326,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3062,7 +3353,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3070,7 +3361,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3078,41 +3369,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3121,38 +3412,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3160,90 +3452,103 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
+#: sssd-ldap.5.xml:1318
+msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1321
msgid ""
-"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
-"supported."
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1337
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1340
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
+"supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3251,27 +3556,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3283,7 +3588,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3291,7 +3596,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3299,53 +3604,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3353,7 +3658,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3361,76 +3666,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3439,14 +3753,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3455,24 +3769,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3480,19 +3794,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3501,7 +3815,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3509,7 +3823,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3518,89 +3832,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3617,212 +3931,212 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -3831,76 +4145,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -3909,62 +4223,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3972,55 +4286,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4028,7 +4342,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4036,7 +4350,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4049,19 +4363,19 @@ msgid ""
" enumerate = true\n"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4070,7 +4384,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -4594,40 +4908,55 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+msgid "ipa_subdomains_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -4635,12 +4964,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4648,17 +4977,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4667,313 +4996,313 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -4981,7 +5310,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -4991,7 +5320,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5068,11 +5397,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5453,7 +5777,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -5927,7 +6251,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6012,7 +6336,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6056,7 +6380,7 @@ msgstr ""
"jménem<replaceable>SKUPINA</replaceable>."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6118,7 +6442,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6207,7 +6531,7 @@ msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6317,13 +6641,69 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
+#, fuzzy
+#| msgid "<option>-h</option>,<option>--help</option>"
+msgid ""
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
+"replaceable>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+#, fuzzy
+#| msgid "<option>-h</option>,<option>--help</option>"
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+#, fuzzy
+#| msgid "<option>-h</option>,<option>--help</option>"
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+#, fuzzy
+#| msgid "<option>-h</option>,<option>--help</option>"
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:113
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -6548,7 +6928,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr ""
@@ -6664,6 +7044,231 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+msgid "Advanced Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+msgid "ldap_idmap_range_min (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+msgid "Default: 10001"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+msgid "ldap_idmap_range_max (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+msgid "Default: 2000100000"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+msgid "ldap_idmap_range_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+msgid "Default: 200000"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+msgid "ldap_idmap_default_domain (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -6783,3 +7388,27 @@ msgid ""
"<emphasis> This is an experimental feature, please use http://fedorahosted."
"org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
diff --git a/src/man/po/es.po b/src/man/po/es.po
index 852cff6f1..1b8d0649b 100644
--- a/src/man/po/es.po
+++ b/src/man/po/es.po
@@ -11,8 +11,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-08 11:52+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Spanish (Castilian) <trans-es@lists.fedoraproject.org>\n"
"Language: es\n"
@@ -130,18 +130,18 @@ msgstr ""
"<replaceable>GROUPS</replaceable>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "VEA TAMBIEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -268,7 +268,7 @@ msgid "The [sssd] section"
msgstr "La sección [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr "Parámetros de sección"
@@ -302,16 +302,18 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -320,17 +322,17 @@ msgstr ""
"de datos del proveedor, o de reiniciarse antes de abandonar"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "Predeterminado: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr "dominios"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -344,12 +346,12 @@ msgstr ""
"consultados."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr "re_expression (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
@@ -358,7 +360,7 @@ msgstr ""
"nombre de usuariosy dominio en estos componentes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -369,7 +371,7 @@ msgstr ""
"el nombre, el dominio es el resto detrás de este signo\""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -377,7 +379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -386,12 +388,12 @@ msgstr ""
"soportan la sintaxis Python (?P&lt;name&gt;) para identificar subpatrones."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr "full_name_format (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -402,17 +404,17 @@ msgstr ""
"traducir una tupla (nombre, dominio), a un nombre totalmente calificado."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Predeterminado: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr "try_inotify (boolean)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -425,7 +427,7 @@ msgstr ""
"segundos en caso que inotify no pueda ser utilizado."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -436,7 +438,7 @@ msgstr ""
"'false' "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -445,7 +447,7 @@ msgstr ""
"en el resto de las plataformas."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -455,12 +457,12 @@ msgstr ""
"utilizada siempre."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -469,19 +471,42 @@ msgstr ""
"reproducción de cache de Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "force_timeout (integer)"
+msgstr "timeout (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr "Predeterminado: 60"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -494,12 +519,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr "SECCIONES DE SERVICIOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -512,61 +537,80 @@ msgstr ""
"<quote>[nss]</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr "Opciones de configuración de servicios generales"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr "Estas opciones pueden usarse para configurar cualquier servicio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr "debug_level (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr "Agregar una marca de tiempo a los mensajes de depuración"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr "Predeterminado: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr "Agregar microsegundos a la marca de tiempo en mensajes de depuración"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr "Predeterminado: false"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
+msgstr "timeout (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:278
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
+msgstr "Predeterminado: 10"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:301
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:304
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -576,36 +620,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
+#: sssd.conf.5.xml:313
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
-msgstr "command (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr "Predeterminado: <command>sssd_${service_name}</command>"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr "Opciones de configuración de NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -613,29 +638,29 @@ msgstr ""
"Switch (NSS)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr "Predeterminado: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -643,7 +668,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -653,7 +678,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -662,17 +687,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr "Predeterminado: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -680,17 +705,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr "Predeterminado: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -699,78 +724,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr "Predeterminado: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr "override_homedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr "número UID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr "nombre de dominio"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr "%f"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr "%%"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -778,90 +803,150 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+#, fuzzy
+#| msgid "mail_dir (string)"
+msgid "fallback_homedir (string)"
+msgstr "mail_dir (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr "allowed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr "shell_fallback (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr "Predeterminado: /bin/sh"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+#, fuzzy
+#| msgid "default_shell (string)"
+msgid "default_shell"
+msgstr "default_shell (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+#, fuzzy
+#| msgid "entry_negative_timeout (integer)"
+msgid "get_domains_timeout (int)"
+msgstr "entry_negative_timeout (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr "Opciones de configuración PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -870,48 +955,48 @@ msgstr ""
"Authentication Module (PAM)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr "Predeterminado: 0 (Sin límite)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -919,61 +1004,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr "Predeterminado: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr "Actualmente sssd soporta los siguientes valores:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: no mostrar ningún mensaje"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: mostrar sólo mensajes importantes"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: mostrar mensajes informativos"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: mostrar todos los mensajes e información de "
"depuración"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr "Predeterminado: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -981,7 +1066,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -990,45 +1075,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (entero)"
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr "Mostrar una advertencia N días antes que la contraseña caduque."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
-msgstr "Predeterminado: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Predeterminado: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -1036,7 +1135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -1045,64 +1144,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "NSS configuration options"
+msgid "SSH configuration options"
+msgstr "Opciones de configuración de NSS"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure the SSH service."
+msgstr "Estas opciones pueden usarse para configurar cualquier servicio."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr "SECCIONES DE DOMINIO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr "min_id, max_id (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1111,7 +1236,7 @@ msgstr ""
"está fuera de estos límites, ésta es ignorada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1120,56 +1245,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Predeterminado: 1 para min_id, 0 (sin límite) para max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr "timeout (entero)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr "Predeterminado: 10"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr "enumerar (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr "Predeterminado: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1179,14 +1287,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1195,12 +1303,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1209,88 +1317,88 @@ msgstr ""
"volver a consultar al backend"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr "Predeterminado: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Las credenciales de usuario son almacenadas en un hash SHA512, no en texto "
"plano"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1299,47 +1407,77 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr "Predeterminado: 0 (ilimitado)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+#, fuzzy
+#| msgid "pam_pwd_expiration_warning (integer)"
+msgid "pwd_expiration_warning (integer)"
+msgstr "pam_pwd_expiration_warning (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+#, fuzzy
+#| msgid "Default: memberHost"
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr "Predeterminado: memberHost"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr "id_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr "Backends soportados:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1348,12 +1486,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr "auth_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1362,7 +1500,7 @@ msgstr ""
"autenticación soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1370,7 +1508,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1378,30 +1516,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr "access_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1409,17 +1547,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
-msgstr "<quote>permit</quote> siempre permitir el acceso."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> siempre niega el acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1428,24 +1568,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr "Predeterminado: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr "chpass_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1453,7 +1593,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1465,7 +1605,7 @@ msgstr ""
"configurar LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1476,36 +1616,36 @@ msgstr ""
"citerefentry> para más información sobre configurar Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
"<quote>none</quote> deniega explícitamente los cambios en la contraseña."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1513,29 +1653,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1543,66 +1683,167 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+#, fuzzy
+#| msgid "id_provider (string)"
+msgid "subdomains_provider (string)"
+msgstr "id_provider (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+#, fuzzy
+#| msgid ""
+#| "<quote>ldap</quote> to change a password stored in a LDAP server. See "
+#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring LDAP."
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+"<quote>ldap</quote> para cambiar una contraseña almacenada en un servidor "
+"LDAP. Vea <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> para más información sobre "
+"configurar LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+#, fuzzy
+#| msgid "<quote>none</quote> disallows password changes explicitly."
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+"<quote>none</quote> deniega explícitamente los cambios en la contraseña."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr "Predeterminado: none"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr "Valores soportados:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr "ipv4_only: Sólo intenta resolver nombres de host a direccones IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr "ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr "Predeterminado: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1610,52 +1851,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Predeterminado: Utilizar la parte del dominio del nombre de host del equipo"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr "override_gid (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr "Predeterminado: True"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+#, fuzzy
+#| msgid "override_homedir (string)"
+msgid "subdomain_homedir (string)"
+msgstr "override_homedir (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1663,29 +1938,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1693,7 +1968,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -1702,12 +1977,12 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr "La sección de dominio local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1718,29 +1993,29 @@ msgstr ""
"utiliza <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr "default_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"El shell predeterminado para los usuarios creados con herramientas de "
"espacio de usuario SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Predeterminado: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr "base_directory (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -1750,46 +2025,46 @@ msgstr ""
"de inicio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr "Predeterminado: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr "create_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr "Predeterminado: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr "remove_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr "homedir_umask (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1800,17 +2075,17 @@ msgstr ""
"predeterminados en un directorio de inicio recién creado."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr "Predeterminado: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr "skel_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1823,17 +2098,17 @@ msgstr ""
"<manvolnum>8</manvolnum></citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Predeterminado: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr "mail_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1841,17 +2116,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr "Predeterminado: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1859,18 +2134,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr "Predeterminado: None, no se ejecuta comando"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "EJEMPLO"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1924,7 +2199,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1933,7 +2208,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2152,204 +2427,228 @@ msgstr "ldap_schema (cadena)"
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr "Predeterminado: rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr "ldap_default_bind_dn (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr "ldap_default_authtok_type (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr "Los dos mecanismos actualmente soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr "contraseña"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr "obfuscated_password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr "ldap_default_authtok (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr "ldap_user_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr "La clase de objeto de una entrada de usuario en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr "Predeterminado: posixAccount"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr "ldap_user_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
"El atributo LDAP que corresponde al nombre de inicio de sesión del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr "Predeterminado: uid"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr "ldap_user_uid_number (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr "El atributo LDAP que corresponde al id de usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr "Predeterminado: uidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr "ldap_user_gid_number (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr "El atributo LDAP que corresponde al id del grupo primario del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr "Predeterminado: gidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr "ldap_user_gecos (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr "El atributo LDAP que corresponde al campo de gecos del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr "Predeterminado: gecos"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr "ldap_user_home_directory (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
"El atributo LDAP que contiene el nombre del directorio principal del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr "Predeterminado: homeDirectory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr "ldap_user_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
"El atributo LDAP que contiene la ruta de acceso a la shell predeterminada "
"del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr "Predeterminado: loginShell"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr "ldap_user_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
"El atributo LDAP que contiene el GUID/UUID de un objeto de usuario LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr "Predeterminado: nsUniqueId"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+#, fuzzy
+#| msgid "ldap_user_object_class (string)"
+msgid "ldap_user_objectsid (string)"
+msgstr "ldap_user_object_class (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+"El atributo LDAP que contiene el GUID/UUID de un objeto de usuario LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -2358,17 +2657,17 @@ msgstr ""
"objeto primario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr "Predeterminado: modifyTimestamp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr "ldap_user_shadow_last_change (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2377,17 +2676,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr "Predeterminado: shadowLastChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr "ldap_user_shadow_min (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2396,17 +2695,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr "Predeterminado: shadowMin"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr "ldap_user_shadow_max (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2415,17 +2714,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr "Predeterminado: shadowMax"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr "ldap_user_shadow_warning (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2434,17 +2733,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr "Predeterminado: shadowWarning"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr "ldap_user_shadow_inactive (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2453,17 +2752,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr "Predeterminado: shadowInactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr "ldap_user_shadow_expire (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2472,17 +2771,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr "Predeterminado: shadowExpire"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr "ldap_user_krb_last_pwd_change (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2490,158 +2789,158 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr "Predeterminado: krbLastPwdChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr "ldap_user_krb_password_expiration (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr "Predeterminado: krbPasswordExpiration"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr "ldap_user_ad_account_expires (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr "Predeterminado: accountExpires"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr "ldap_user_ad_user_account_control (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr "Predeterminado: userAccountControl"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr "ldap_ns_account_lock (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr "Predeterminado: nsAccountLock"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr "ldap_user_nds_login_disabled (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr "Predeterminado: loginDisabled"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr "ldap_user_nds_login_expiration_time (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr "ldap_user_nds_login_allowed_time_map (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr "Predeterminado: loginAllowedTimeMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr "ldap_user_principal (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr "Predeterminado: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2650,29 +2949,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr "Predeterminado: 300"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2680,56 +2979,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
"Establecer esta opción en cero desactivará la operación de limpieza de la "
"caché."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr "Predeterminado: 10800 (12 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "El atributo LDAP que corresponde al nombre completo del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr "Predeterminado: cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr "ldap_user_member_of (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr "Predeterminado: memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr "ldap_user_authorized_service (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2737,24 +3036,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr "Predeterminado: iluminada"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -2762,89 +3061,106 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr "Default: host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr "ldap_group_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr "La clase de objeto de una entrada de grupo LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr "Por defecto: posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr "ldap_group_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr "El atributo LDAP que corresponde al nombre de grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr "ldap_group_gid_number (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr "El atributo LDAP que corresponde al id del grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr "ldap_group_member (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr "El atributo LDAP que contiene los nombres de los miembros del grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr "Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr "ldap_group_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr "El atributo LDAP que contiene el UUID/GUID de un objeto de grupo LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+#, fuzzy
+#| msgid "ldap_group_object_class (string)"
+msgid "ldap_group_objectsid (string)"
+msgstr "ldap_group_object_class (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr "El atributo LDAP que contiene el UUID/GUID de un objeto de grupo LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr "ldap_group_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -2852,198 +3168,198 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr "Predeterminado: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr "La clase de objeto de una entrada netgroup en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr "Predeterminado: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "El atributo LDAP que corresponde al nombre del netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr "Predeterminado: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr "Predeterminado: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Predeterminado: el valor de <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3051,7 +3367,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3059,35 +3375,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr "Predeterminado: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr "Predeterminado: 60"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3098,12 +3409,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3111,12 +3422,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3125,34 +3436,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr "Predeterminado: 900 (15 minutos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr "Predeterminado: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3160,27 +3471,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3188,13 +3522,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3203,7 +3537,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3211,26 +3545,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3238,7 +3572,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3246,7 +3580,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3254,41 +3588,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr "Predeterminado: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3297,38 +3631,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr "Predeterminado: no definido"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr "Especifica el archivo que contiene la clave del cliente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3336,24 +3671,44 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1318
+#, fuzzy
+#| msgid "ldap_referrals (boolean)"
+msgid "ldap_id_mapping (boolean)"
+msgstr "ldap_referrals (boolean)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1321
+msgid ""
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1337
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1340
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -3361,67 +3716,62 @@ msgstr ""
"Especifica el mecanismo SASL a emplear. Actualmente sólo GSSAPI está "
"probado y soportado."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr "Predeterminado: none"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr "Predeterminado: host/machine.fqdn@REALM"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr "Predeterminado: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3429,27 +3779,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr "Predeterminado: 86400 (24 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr "krb5_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3461,7 +3811,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3469,7 +3819,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3477,41 +3827,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -3520,14 +3870,14 @@ msgstr ""
"del cliente. Los siguientes valores son permitidos:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3535,7 +3885,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3543,46 +3893,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Especifica el nombre del servicio para utilizar cuando está habilitado el "
"servicio de descubrimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr "Predeterminado: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -3592,32 +3951,32 @@ msgstr ""
"descubrimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr "Ejemplo:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3629,14 +3988,14 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3645,24 +4004,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr "Predeterminado: vacío"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3670,19 +4029,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr "Los siguientes valores están permitidos:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3691,7 +4050,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3699,7 +4058,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3708,29 +4067,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Lista separada por coma de opciones de control de acceso. Los valores "
"permitidos son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -3739,17 +4098,17 @@ msgstr ""
"autorizedService para determinar el acceso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr "Predeterminado: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -3758,45 +4117,45 @@ msgstr ""
"una vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr "ldap_deref (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3813,212 +4172,212 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4027,76 +4386,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -4105,62 +4464,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr "OPCIONES AVANZADAS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr "ldap_user_search_filter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -4170,55 +4529,55 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr "ldap_group_search_filter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4226,7 +4585,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4234,7 +4593,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4255,19 +4614,19 @@ msgstr ""
" cache_credentials = true\n"
" enumerate = true\n"
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr "NOTAS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4276,7 +4635,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -4822,40 +5181,59 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "ipa_subdomains_search_base (string)"
+msgstr "ipa_hbac_search_base (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+#, fuzzy
+#| msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr "Predeterminado: el valor de <emphasis>ldap_search_base</emphasis>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -4863,12 +5241,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4876,17 +5254,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr "Predeterminado: 5 (segundos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4895,313 +5273,313 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr "Predeterminado: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr "ipa_hbac_support_srchost (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr "ipa_netgroup_member_of (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr "ipa_netgroup_member_user (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr "Predeterminado: memberUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr "ipa_netgroup_member_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr "Predeterminado: memberHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr "ipa_netgroup_member_ext_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr "Predeterminado: externalHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr "ipa_netgroup_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr "Predeterminado: nisDomainName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr "ipa_host_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr "Predeterminado: ipaHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -5209,7 +5587,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -5223,7 +5601,7 @@ msgstr ""
" ipa_hostname = myhost.example.com\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5314,11 +5692,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr "<emphasis>0</emphasis>: Desactiva microsegundos en marcas de tiempo"
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Predeterminado: 0"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5736,7 +6109,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6231,7 +6604,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6328,7 +6701,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr "Antes de realmente eliminar al usuario, terminar todos sus procesos."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6379,7 +6752,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6444,7 +6817,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6544,7 +6917,7 @@ msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6663,13 +7036,74 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
+#, fuzzy
+#| msgid ""
+#| "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
+"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+#, fuzzy
+#| msgid "<option>-f</option>,<option>--force</option>"
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr "<option>-f</option>,<option>--force</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+#, fuzzy
+#| msgid ""
+#| "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+#, fuzzy
+#| msgid "<option>-D</option>,<option>--daemon</option>"
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr "<option>-D</option>,<option>--daemon</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -6894,7 +7328,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr "Configuración"
@@ -7010,6 +7444,251 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+#, fuzzy
+#| msgid "Configuration"
+msgid "Advanced Configuration"
+msgstr "Configuración"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_min (integer)"
+msgstr "ldap_page_size (entero)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 10001"
+msgstr "Predeterminado: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_max (integer)"
+msgstr "ldap_page_size (entero)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 2000100000"
+msgstr "Predeterminado: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_size (integer)"
+msgstr "ldap_page_size (entero)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 200000"
+msgstr "Predeterminado: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr "ldap_default_bind_dn (cadena)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain (string)"
+msgstr "ldap_default_bind_dn (cadena)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+#, fuzzy
+#| msgid "ldap_sasl_canonicalize (boolean)"
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr "ldap_sasl_canonicalize (boolean)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -7129,3 +7808,33 @@ msgid ""
"<emphasis> This is an experimental feature, please use http://fedorahosted."
"org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
+
+#~ msgid "Default: 7"
+#~ msgstr "Predeterminado: 7"
+
+#~ msgid "<quote>permit</quote> always allow access."
+#~ msgstr "<quote>permit</quote> siempre permitir el acceso."
diff --git a/src/man/po/fr.po b/src/man/po/fr.po
index 6807e0048..c93dc22ac 100644
--- a/src/man/po/fr.po
+++ b/src/man/po/fr.po
@@ -9,8 +9,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-12 20:08+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: French <trans-fr@lists.fedoraproject.org>\n"
"Language: fr\n"
@@ -128,18 +128,18 @@ msgstr ""
"<replaceable>GROUPS</replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "VOIR AUSSI"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -265,7 +265,7 @@ msgid "The [sssd] section"
msgstr "La section [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr "Paramètres de section"
@@ -298,16 +298,18 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -316,17 +318,17 @@ msgstr ""
"redémarrer dans le cas d'un plantage du « Data Provider » avant d'abandonner"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "Par défaut : 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr "domaines"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -339,12 +341,12 @@ msgstr ""
"domaines dans l'ordre où vous voulez les appeler."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr "re_expression (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
@@ -353,7 +355,7 @@ msgstr ""
"contenant les informations utilisateur et les domaines vers les composants."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -364,7 +366,7 @@ msgstr ""
"importe le domaine après »"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -376,7 +378,7 @@ msgstr ""
"fonction."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -385,12 +387,12 @@ msgstr ""
"syntaxe Python (?P&lt;name&gt;) pour nommer les sous-modèles."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr "full_name_format (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -401,17 +403,17 @@ msgstr ""
"domaine) d'un tuple en un domaine totalement qualifé."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Par défaut : <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr "try_inotify (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -424,7 +426,7 @@ msgstr ""
"échoue."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -434,7 +436,7 @@ msgstr ""
"conseillée. Dans ces rares cas, cette option devrait être définie à « false »"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -443,7 +445,7 @@ msgstr ""
"sur les autres plateformes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -452,31 +454,56 @@ msgstr ""
"pas accessible. Sur celles-ci, la requête sera toujours utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
+"Répertoire du système de fichiers où SSSD doit stocker les fichiers de "
+"relecture de Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "force_timeout (integer)"
+msgstr "timeout (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr "Par défaut : 60"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -495,12 +522,12 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr "SECTIONS SERVICES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -513,61 +540,80 @@ msgstr ""
"<quote>[nss]</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr "Options générales de configuration du service"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr "Ces options peuvent être utilisées pour configurer les services."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr "debug_level (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr "Ajoute un horodatage aux messages de débogage"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr "Par défaut : true"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr "Par défaut : false"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
+msgstr "timeout (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:278
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
+msgstr "Par défaut : 10"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:301
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:304
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -577,40 +623,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
+#: sssd.conf.5.xml:313
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
-msgstr "command (chaîne)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-"Par défaut, l'exécutable représentant ce service est appelé <command>sssd_"
-"${service_name}</command>. Cette directive autorise de changer le nom de "
-"l'exécutable pour le service. Dans la plupart des cas, les valeurs par "
-"défaut sont suffisantes."
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr "Par défaut : <command>sssd_${service_name}</command>"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr "Options de configuration NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -618,12 +641,12 @@ msgstr ""
"Switch (NSS)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -632,17 +655,17 @@ msgstr ""
"(requêtes pour les informations sur tous les utilisateurs)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr "Par défaut : 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -653,7 +676,7 @@ msgstr ""
"valeur de entry_cache_timeout pour le domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -668,7 +691,7 @@ msgstr ""
"requêtes ne seront pas bloquées en attendant une mise à jour du cache."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -681,17 +704,17 @@ msgstr ""
"de non réponse à moins de 10 secondes (0 pour désactiver l'option)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr "Par défaut : 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -703,17 +726,17 @@ msgstr ""
"nouveau l'arrière plan."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr "Par défaut : 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -727,17 +750,17 @@ msgstr ""
"domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr "Par défaut : root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -745,62 +768,62 @@ msgstr ""
"à « false »."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr "override_homedir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr "%u"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr "nom de connexion"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr "paramètre UID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr "nom de domaine"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr "%f"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr "nom d'utilisateur qualifié totalement (utilisateur@domaine)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr "%%"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr "un « % » littéral"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -811,17 +834,42 @@ msgstr ""
"substituées :<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr "Cette option peut aussi être définie pour chaque domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+#, fuzzy
+#| msgid "mail_dir (string)"
+msgid "fallback_homedir (string)"
+msgstr "mail_dir (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr "allowed_shells (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -829,14 +877,14 @@ msgstr ""
"L'ordre d'évaluation est :"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
"1. Si l'interpréteur de commandes est présent dans <quote>/etc/shells</"
"quote> il est utilisé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -846,7 +894,7 @@ msgstr ""
"shell_fallback » sera faite."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -855,14 +903,14 @@ msgstr ""
"ni dans <quote>/etc/shells</quote>, une connexion sans shell est utlisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
"Une chaîne vide pour l'interpréteur de commandes est passée comme elle est à "
"la libc."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -872,31 +920,31 @@ msgstr ""
"est installé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
"Par défaut : non défini. L'interpréteur de commandes de l'utilisateur est "
"utilisé automatiquement."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
"Remplacer toutes les occurences de ces interpréteurs de commandes par "
"l'interpréteur de commandes par défaut"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr "shell_fallback (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -904,17 +952,52 @@ msgstr ""
"commandes autorisé n'est pas installé sur la machine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr "Par défaut : /bin/sh"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+#, fuzzy
+#| msgid "default_shell (string)"
+msgid "default_shell"
+msgstr "default_shell (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+#, fuzzy
+#| msgid "entry_negative_timeout (integer)"
+msgid "get_domains_timeout (int)"
+msgstr "entry_negative_timeout (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr "Options de configuration de PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -923,12 +1006,12 @@ msgstr ""
"(PAM)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -938,17 +1021,17 @@ msgstr ""
"connexion réussie)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr "Par défaut : 0 (pas de limite)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -957,12 +1040,12 @@ msgstr ""
"échouées sont autorisées."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -971,7 +1054,7 @@ msgstr ""
"atteint avant qu'une nouvelle tentative soit possible."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -979,17 +1062,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr "Par défaut : 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -998,44 +1081,44 @@ msgstr ""
"d'authentification. Le nombre le plus grand affichera plus de messages."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr "Actuellement sssd supporte les valeurs :"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis> : ne pas afficher de message"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis> : afficher seulement les messages importants"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis> : afficher les messages d'information"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis> : afficher tous les messages et informations de "
"débogage"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr "Par défaut : 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1047,7 +1130,7 @@ msgstr ""
"les dernières informations."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1061,17 +1144,17 @@ msgstr ""
"retour avec le fournisseur d'identité."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (entier)"
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr "Afficher une alerte N jours avant que le mot de passe n'expire."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1081,28 +1164,42 @@ msgstr ""
"à propos du temps d'expiration du mot de passe. Si cette information est "
"manquante, sssd ne peut afficher de message d'alerte."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
-msgstr "Par défaut : 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Par défaut : 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -1110,7 +1207,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -1119,64 +1216,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "NSS configuration options"
+msgid "SSH configuration options"
+msgstr "Options de configuration NSS"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure the SSH service."
+msgstr "Ces options peuvent être utilisées pour configurer les services."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr "SECTIONS DOMAINE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1185,7 +1308,7 @@ msgstr ""
"dehors de ces limites, il est ignoré."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1198,37 +1321,17 @@ msgstr ""
"plage seront rapportés comme prévu."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Default: 1 for min_id, 0 (no limit) for max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr "timeout (entier)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-"Délai d'attente entre deux requêtes pour ce domaine. Ceci est utilisé pour "
-"s'assurer que le processus en arrière-plan soit toujours actif et capable de "
-"répondre."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr "Par défaut : 10"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr "enumerate (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1237,22 +1340,22 @@ msgstr ""
"valeurs suivantes :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = utilisateurs et groupes sont comptés"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = aucune énumération pour ce domaine"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr "Par défaut : FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1268,7 +1371,7 @@ msgstr ""
"importante liée au processus d'énumération."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1278,7 +1381,7 @@ msgstr ""
"complétion."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1292,12 +1395,12 @@ msgstr ""
"le id_provider spécifique utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1306,88 +1409,88 @@ msgstr ""
"valides avant d'appeler à nouveau l'arrière plan"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr "Par défaut : 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr "cache_credentials (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Détermine si les crédits utilisateur sont aussi mis en cache dans le cache "
"LDB local"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1400,49 +1503,85 @@ msgstr ""
"ou égal à offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr "Défault: 0 (illimité)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+#, fuzzy
+#| msgid "pam_pwd_expiration_warning (integer)"
+msgid "pwd_expiration_warning (integer)"
+msgstr "pam_pwd_expiration_warning (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+#, fuzzy
+#| msgid ""
+#| "Please note that the backend server has to provide information about the "
+#| "expiration time of the password. If this information is missing, sssd "
+#| "cannot display a warning."
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+"Veuillez noter que le serveur en arrière-plan doit fournir des informations "
+"à propos du temps d'expiration du mot de passe. Si cette information est "
+"manquante, sssd ne peut afficher de message d'alerte."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr "id_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
"L'identité du fournisseur de données en arrière-plan à utiliser pour le "
"domaine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr "Moteurs pris en charge :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr "proxy: supporte l'ancien protocole NSS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr "local: protocole SSSD interne et local"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr "ldap: protocole LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1456,12 +1595,12 @@ msgstr ""
"test@LOCAL</command> ne le trouve."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr "auth_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1470,7 +1609,7 @@ msgstr ""
"autorisés sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1482,7 +1621,7 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1493,7 +1632,7 @@ msgstr ""
"citerefentry> pour plus d'informations sur la configuration de Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
@@ -1501,12 +1640,12 @@ msgstr ""
"PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> désactive l'authentification explicitement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -1515,12 +1654,12 @@ msgstr ""
"gérer les requêtes d'authentification."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr "access_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1531,17 +1670,19 @@ msgstr ""
"plan). Les fournisseurs internes spécifiques sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
-msgstr "<quote>permit</quote> autoriser l'accès de manière permanente."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> refuser l'accès de manière permanente.."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1554,17 +1695,17 @@ msgstr ""
"configuration du module d'accès simple."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr "Par défaut : <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr "chpass_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -1573,7 +1714,7 @@ msgstr ""
"domaine. Les fournisseurs acceptés sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1585,7 +1726,7 @@ msgstr ""
"l'IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1597,7 +1738,7 @@ msgstr ""
"serveur LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1609,7 +1750,7 @@ msgstr ""
"Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
@@ -1617,13 +1758,13 @@ msgstr ""
"autre cible PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
"<quote>none</quote> désactiver le changement de mot de passe explicitement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -1632,17 +1773,17 @@ msgstr ""
"peut gérer les changements de mot de passe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1650,29 +1791,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1680,24 +1821,131 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+#, fuzzy
+#| msgid "id_provider (string)"
+msgid "subdomains_provider (string)"
+msgstr "id_provider (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+#, fuzzy
+#| msgid ""
+#| "The provider which should handle change password operations for the "
+#| "domain. Supported change password providers are:"
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+"Le fournisseur qui devrait gérer le changement des mots de passe pour le "
+"domaine. Les fournisseurs acceptés sont :"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to change a password stored in an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+"<quote>ipa</quote> pour changer le mot de passe stocké sur un serveur IPA. "
+"Voir <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> pour plus d'informations sur la configuration de "
+"l'IPA."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+#, fuzzy
+#| msgid "<quote>none</quote> disallows password changes explicitly."
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+"<quote>none</quote> désactiver le changement de mot de passe explicitement."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr "Par défaut : aucun"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -1706,46 +1954,46 @@ msgstr ""
"utiliser pour effectuer les requêtes DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr "Valeurs autorisées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first : essaye de chercher une IPv4, si ça échoue, essaye une IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only : ne tente de résoudre que les noms de domaines en adresses IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first : essaye de chercher une IPv6, si ça échoue, essaye une IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only : ne tente de résoudre que les noms de domaines en adresses IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr "Par défaut : ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1756,12 +2004,12 @@ msgstr ""
"le domaine continuera en mode déconnecté."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -1771,41 +2019,75 @@ msgstr ""
"de DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Par défaut : utilise la partie du domaine qui est dans le nom d'hôte de la "
"machine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr "override_gid (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr "Redéfinit le GID primaire avec la valeur spécifiée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr "Par défaut : True"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+#, fuzzy
+#| msgid "override_homedir (string)"
+msgid "subdomain_homedir (string)"
+msgstr "override_homedir (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1817,17 +2099,17 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr "Le proxy cible auquel PAM devient mandataire."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -1836,12 +2118,12 @@ msgstr ""
"exsitante ou créer une nouvelle et ajouter le nom de service ici."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1852,7 +2134,7 @@ msgstr ""
"$(libName)_$(function), par exemple _nss_files_getpwent."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -1861,12 +2143,12 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr "La section du domaine local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1877,29 +2159,29 @@ msgstr ""
"dire un domaine qui utilise <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr "default_shell (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"L'interpréteur de commandes par défaut pour les utilisateurs créés avec les "
"outils de l'espace utilisateur SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Par défaut : <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr "base_directory (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -1908,17 +2190,17 @@ msgstr ""
"replaceable> et l'utilise comme dossier personnel."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr "Par défaut : <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr "create_homedir (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -1927,17 +2209,17 @@ msgstr ""
"utilisateurs. Peut être outrepassé par la ligne de commande."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr "Par défaut : TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr "remove_homedir (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -1946,12 +2228,12 @@ msgstr ""
"suppression des utilisateurs. Peut être outrepassé par la ligne de commande."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr "homedir_umask (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1962,17 +2244,17 @@ msgstr ""
"défaut sur un répertoire personnel nouvellement créé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr "Par défaut : 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr "skel_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1985,17 +2267,17 @@ msgstr ""
"manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Par défaut : <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr "mail_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2006,17 +2288,17 @@ msgstr ""
"par défaut est utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr "Par défaut : <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2027,18 +2309,18 @@ msgstr ""
"commande n'est pas pris en compte."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr "Par défaut : None, aucune commande lancée"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "EXEMPLE"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2092,7 +2374,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2105,7 +2387,7 @@ msgstr ""
"\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2341,16 +2623,28 @@ msgstr "ldap_schema (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:161
+#, fuzzy
+#| msgid ""
+#| "Specifies the Schema Type in use on the target LDAP server. Depending on "
+#| "the selected schema, the default attribute names retrieved from the "
+#| "servers may vary. The way that some attributes are handled may also "
+#| "differ. Three schema types are currently supported: rfc2307 rfc2307bis "
+#| "IPA The main difference between these schema types is how group "
+#| "memberships are recorded in the server. With rfc2307, group members are "
+#| "listed by name in the <emphasis>memberUid</emphasis> attribute. With "
+#| "rfc2307bis and IPA, group members are listed by DN and stored in the "
+#| "<emphasis>member</emphasis> attribute."
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
"Spécifie le schéma type à utiliser pour le serveur LDAP cible. Selon le "
"schéma choisi, l'attribut nom par défaut recherché sur les serveurs peut "
@@ -2363,58 +2657,58 @@ msgstr ""
"l'attribut <emphasis>membre</emphasis>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr "Par défaut : rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr "ldap_default_bind_dn (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
"La liaison DN par défaut à utiliser pour effectuer les opérations LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr "ldap_default_authtok_type (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr "Le type de jeton d'authentification pour le lien DN par défaut."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr "Les deux mécanismes actuellement pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr "password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr "obfuscated_password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr "Par défaut : password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr "ldap_default_authtok (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
@@ -2423,137 +2717,160 @@ msgstr ""
"de passe en clair sont actuellement pris en charge."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr "ldap_user_object_class (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr "La classe objet d'une entrée utilisateur dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr "Par défaut: posixAccount"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr "ldap_user_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr "Par défaut : uid"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr "ldap_user_uid_number (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr "L'attribut LDAP correspondant à l'id utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr "par défaut : uidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr "ldap_user_gid_number (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
"L'attribut LDAP correspondant à l'utilisateur ayant l'id du groupe primaire."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr "Par défaut : gidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr "ldap_user_gecos (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr "L'attribut LDAP correspondant au champ gecos de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr "Par défaut : gecos"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr "ldap_user_home_directory (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
"L'attribut LDAP qui contient le nom du répertoire personnel de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr "Par défaut : Répertoire_personnel"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr "ldap_user_shell (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
"L'attribut LDAP qui contient le chemin vers l'interpréteur de commandes de "
"l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr "Par défaut : loginShell"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr "ldap_user_uuid (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
"L'attribut LDAP qui contient les UUID/GUID d'un objet utilisateur LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr "Par défaut : nsUniqueId"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+#, fuzzy
+#| msgid "ldap_user_object_class (string)"
+msgid "ldap_user_objectsid (string)"
+msgstr "ldap_user_object_class (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+"L'attribut LDAP qui contient les UUID/GUID d'un objet utilisateur LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -2562,17 +2879,17 @@ msgstr ""
"l'objet parent."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr "Par défaut : modifyTimestamp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr "ldap_user_shadow_last_change (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2585,17 +2902,17 @@ msgstr ""
"du dernier mot de passe)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr "Par défaut : shadowLastChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr "ldap_user_shadow_min (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2608,17 +2925,17 @@ msgstr ""
"minimum du mot de passe)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr "Par défaut : shadowMin"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr "ldap_user_shadow_max (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2631,17 +2948,17 @@ msgstr ""
"de passe)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr "Par défaut : shadowMax"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr "ldap_user_shadow_warning (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2654,17 +2971,17 @@ msgstr ""
"d'avertissement du mot de passe)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr "Par défaut : shadowWarning"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr "ldap_user_shadow_inactive (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2677,17 +2994,17 @@ msgstr ""
"d'inactivité du mot de passe)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr "Par défaut : shadowInactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr "ldap_user_shadow_expire (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2700,17 +3017,17 @@ msgstr ""
"citerefentry> (date d'expiration du compte)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr "Par défaut : shadowExpire"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr "ldap_user_krb_last_pwd_change (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2721,17 +3038,17 @@ msgstr ""
"passe dans kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr "Par défaut : krbLastPwdChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr "ldap_user_krb_password_expiration (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
@@ -2741,17 +3058,17 @@ msgstr ""
"actuel."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr "Par défaut : krbPasswordExpiration"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr "ldap_user_ad_account_expires (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
@@ -2760,17 +3077,17 @@ msgstr ""
"d'un attribut LDAP stockant la date d'expiration du compte."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr "Par défaut : accountExpires"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr "ldap_user_ad_user_account_control (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
@@ -2779,17 +3096,17 @@ msgstr ""
"d'un attribut LDAP stockant le champ de contrôle du compte utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr "Par défaut : userAccountControl"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr "ldap_ns_account_lock (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
@@ -2798,17 +3115,17 @@ msgstr ""
"détermine si l'accès est autorisé ou non."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr "Par défaut : nsAccountLock"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr "ldap_user_nds_login_disabled (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
@@ -2817,17 +3134,17 @@ msgstr ""
"l'accès est autorisé ou non."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr "Par défaut : loginDisabled"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr "ldap_user_nds_login_expiration_time (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
@@ -2836,12 +3153,12 @@ msgstr ""
"quand l'accès est autorisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr "ldap_user_nds_login_allowed_time_map (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
@@ -2850,17 +3167,17 @@ msgstr ""
"heures de la semaine auxquelles l'accès est autorisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr "Par défaut : loginAllowedTimeMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr "ldap_user_principal (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
@@ -2869,27 +3186,27 @@ msgstr ""
"de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr "Par défaut : krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2902,29 +3219,29 @@ msgstr ""
"utiliseur une version en majuscule."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr "Par défaut : 300"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2935,55 +3252,55 @@ msgstr ""
"connectés) et les supprimer pour sauvegarder de l'espace."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
"Mettre cette option à zéro désactive l'opération de nettoyage du cache."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr "Par défaut : 1800 (12 heures)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "L'attribut LDAP qui correspond au nom complet de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr "Par défaut : cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr "ldap_user_member_of (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr "L'attribut LDAP qui liste l'appartenance au groupe de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr "Par défaut : memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr "ldap_user_authorized_service (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2994,7 +3311,7 @@ msgstr ""
"l'utilisateur pour déterminer les autorisations d'accès."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
@@ -3003,17 +3320,17 @@ msgstr ""
"autorisation explicite (svc) et enfin toutes les autorisations (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr "Par défaut : authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3024,7 +3341,7 @@ msgstr ""
"déterminer les autorisations d'accès."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
@@ -3033,82 +3350,99 @@ msgstr ""
"autorisations explicites (host) et enfin toutes les autorisations (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr "Par défaut : host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr "ldap_group_object_class (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr "La classe objet d'une entrée de groupe dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr "Par défaut : posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr "ldap_group_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr "L'attribut LDAP qui correspond au nom du groupe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr "ldap_group_gid_number (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr "L'attribut LDAP qui correspond à l'identifiant de groupe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr "ldap_group_member (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr "L'attribut LDAP qui contient les noms des membres de groupe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr "Par défaut : uid de membre (rfc2307) / membre (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr "ldap_group_uuid (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr "L'attribut LDAP qui contient les UUID/GUID d'un groupe objet LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+#, fuzzy
+#| msgid "ldap_group_object_class (string)"
+msgid "ldap_group_objectsid (string)"
+msgstr "ldap_group_object_class (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr "L'attribut LDAP qui contient les UUID/GUID d'un groupe objet LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr "ldap_group_modify_timestamp (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3119,72 +3453,72 @@ msgstr ""
"suivre. Cette option n'a pas d'effet sur le schéma RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr "Par défaut : 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr "La classe d'objet d'une entrée de groupe réseau dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr "Par défaut : nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "L'attribut LDAP qui correspond au nom du groupe réseau."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "L'attribut LDAP qui contient les noms des membres de groupe réseau."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr "Par défaut : memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -3192,128 +3526,128 @@ msgstr ""
"groupe réseau."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr "Par défaut : nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
"L'attribut LDAP qui contient les UUID/GUID d'un objet LDAP de groupe réseau."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Par défaut : la valeur de <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3324,7 +3658,7 @@ msgstr ""
"cache (et le mode hors ligne est activé)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3335,17 +3669,17 @@ msgstr ""
"différentes recherches."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr "Par défaut : 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3355,18 +3689,13 @@ msgstr ""
"sur les utilisateurs et groupes avant qu'elles se terminent et que les "
"résultats mis en cache soient retournés (et le mode hors ligne est activé)"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr "Par défaut : 60"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3383,12 +3712,12 @@ msgstr ""
"inactif."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3399,12 +3728,12 @@ msgstr ""
"contrôler le délai de communication avec le KDC dans le cas d'un appel SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3413,17 +3742,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr "Par défaut : 900 (15 minutes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -3433,17 +3762,17 @@ msgstr ""
"requête."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr "Par défaut : 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3451,27 +3780,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3483,13 +3835,13 @@ msgstr ""
"individuellement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3502,7 +3854,7 @@ msgstr ""
"acceptés sont 389/RHDS, OpenLDAP et Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3510,12 +3862,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -3524,7 +3876,7 @@ msgstr ""
"session TLS, si elle existe. Une des valeurs suivantes est utilisable :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -3533,7 +3885,7 @@ msgstr ""
"quelconque certificat du serveur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3544,7 +3896,7 @@ msgstr ""
"certificat est fournit, il est ignoré et la session continue normalement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3555,7 +3907,7 @@ msgstr ""
"certificat est fournit, la session se termine immédiatement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3566,22 +3918,22 @@ msgstr ""
"immédiatement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr "Par défaut : hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -3590,7 +3942,7 @@ msgstr ""
"certificats que <command>sssd</command> reconnaîtra."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -3599,12 +3951,12 @@ msgstr ""
"<filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3618,38 +3970,39 @@ msgstr ""
"corrects."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr "Définit le fichier qui contient le certificat pour la clef client."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr "Par défaut : non défini"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr "Définit le fichier qui contient la clef client."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3660,12 +4013,12 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> pour le format."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -3674,12 +4027,32 @@ msgstr ""
"<systemitem class=\"protocol\">tls</systemitem> pour protéger le canal."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1318
+#, fuzzy
+#| msgid "ldap_id_use_start_tls (boolean)"
+msgid "ldap_id_mapping (boolean)"
+msgstr "ldap_id_use_start_tls (booléen)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1321
+msgid ""
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1337
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1340
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -3687,18 +4060,13 @@ msgstr ""
"Définit le mécanisme SASL à utiliser. Actuellement, seul GSSAPI est testé et "
"pris en charge."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr "Par défaut : aucun"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
@@ -3708,51 +4076,51 @@ msgstr ""
"dossier."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr "Par défaut : hôte/machine.fqdn@DOMAINE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Définit le fichier keytab à utiliser pour utiliser SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3763,27 +4131,27 @@ msgstr ""
"que le mécanisme choisit est GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Définit la durée de vie, en secondes, des TGT si GSSAPI est utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr "Par défaut : 86400 (24 heures)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr "krb5_server (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3795,7 +4163,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3806,7 +4174,7 @@ msgstr ""
"passe sur _tcp si aucune entrée n'est trouvée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3818,40 +4186,40 @@ msgstr ""
"l'utilisation de <quote>krb5_server</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "Définit le DOMAINE de Kerberos (pour l'authentification SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Par défaut : système par défaut, voir <filename>/etc/krb5.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -3860,7 +4228,7 @@ msgstr ""
"valeurs suivantes sont acceptées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -3869,7 +4237,7 @@ msgstr ""
"peut pas désactiver la politique sur les mots de passe du côté serveur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3877,7 +4245,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3888,17 +4256,17 @@ msgstr ""
"chpass_provider=krb5 ces attributs lorsque le mot de passe est changé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr "Définit si le référencement automatique doit être activé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -3906,30 +4274,39 @@ msgstr ""
"Veuillez noter que sssd ne supporte que le référencement quand il est "
"compilé avec OpenLDAP version 2.4.13 ou supérieur."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Définit le nom de service à utiliser quand la découverte de services est "
"activée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr "Par défaut : ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -3938,39 +4315,34 @@ msgstr ""
"un changement de mot de passe quand la découverte de services est activée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
"Par défaut : non défini, c'est-à-dire que le service de découverte est "
"désactivé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
-"Si access_provider = ldap, cette option est obligatoire. Elle spécifie un "
-"critère de filtre LDAP requit par l'utilisateur pour avoir un accès sur cet "
-"hôte. Si access_provider = ldap et que cette option n'est pas définie, tous "
-"les utilisateurs seront refusés. Utilisez access_provider = allow pour "
-"changer ce comportement par défaut."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr "Exemple:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3982,7 +4354,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
@@ -3991,7 +4363,7 @@ msgstr ""
"utilisateurs_autorisés » dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4003,17 +4375,17 @@ msgstr ""
"l'accès sera conservé en mode hors-ligne et vice-versa."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr "Par défaut : vide"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -4022,7 +4394,7 @@ msgstr ""
"être activée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4034,12 +4406,12 @@ msgstr ""
"correct."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr "Les valeurs suivantes sont autorisées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -4048,7 +4420,7 @@ msgstr ""
"ldap_user_shadow_expire pour déterminer si le compte a expiré."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4061,7 +4433,7 @@ msgstr ""
"période d'expiration du compte est aussi vérifiée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4072,7 +4444,7 @@ msgstr ""
"l'accès est autorisé ou non."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4085,29 +4457,29 @@ msgstr ""
"est autorisé. Si les deux attributs sont manquants l'accès est autorisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Liste des options de contrôles d'accès, séparées par des virgules. Valeurs "
"autorisées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis> : utilise ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: utilise ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -4116,18 +4488,18 @@ msgstr ""
"de service pour déterminer l'accès"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis> : utilise l'attribut d'hôte pour déterminer l'accès"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr "Par défaut : filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -4136,12 +4508,12 @@ msgstr ""
"de configuration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr "ldap_deref (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -4150,12 +4522,12 @@ msgstr ""
"recherche. Les options suivantes sont autorisées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -4165,7 +4537,7 @@ msgstr ""
"la recherche lui-même."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -4174,7 +4546,7 @@ msgstr ""
"la localisation de l'objet de base de la recherche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -4183,7 +4555,7 @@ msgstr ""
"recherche et en localisant l'objet de base de la recherche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -4207,212 +4579,212 @@ msgstr ""
"détails. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4421,76 +4793,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -4499,17 +4871,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr "OPTIONS AVANCÉES"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
@@ -4517,36 +4889,36 @@ msgstr ""
"un sous-domaine spécifique."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
"Une base DN optionnelle pour restreindre les recherches utilisateur à un "
"sous-domaine spécifique."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
"Une base DN optionnelle pour restreindre les recherches de groupe à un sous-"
"domaine spécifique."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr "ldap_user_search_filter (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
@@ -4555,14 +4927,14 @@ msgstr ""
"restreint les recherches utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -4572,7 +4944,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
@@ -4581,12 +4953,12 @@ msgstr ""
"qui ont leur interpréteur de commande définit sur /bin/tcsh."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr "ldap_group_search_filter (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
@@ -4595,36 +4967,36 @@ msgstr ""
"restreint les recherches de groupe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4636,7 +5008,7 @@ msgstr ""
"\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4646,7 +5018,7 @@ msgstr ""
"sur un des domaines de la section <replaceable>[domains]</replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4667,19 +5039,19 @@ msgstr ""
" cache_credentials = true\n"
" enumerate = true\n"
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr "NOTES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4692,7 +5064,7 @@ msgstr ""
"OpenLDAP 2.4."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -5323,19 +5695,38 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "ipa_subdomains_search_base (string)"
+msgstr "ipa_hbac_search_base (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+#, fuzzy
+#| msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr "Par défaut : la valeur de <emphasis>ldap_search_base</emphasis>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr "Vérifie avec l'aide de krb5_keytab que le TGT obtenu n'est pas usurpé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -5344,7 +5735,7 @@ msgstr ""
"original."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -5353,7 +5744,7 @@ msgstr ""
"<quote>ipa_domain</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -5362,7 +5753,7 @@ msgstr ""
"convertit en la base DN pour effectuer des opérations LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5370,12 +5761,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -5386,17 +5777,17 @@ msgstr ""
"requêtes de contrôle d'accès pendant une courte période."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr "Par défaut : 5 (secondes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5410,7 +5801,7 @@ msgstr ""
"client supportera deux modes opératoires pendant cette transition :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -5419,7 +5810,7 @@ msgstr ""
"tous les utilisateurs ne pourront pas se connecter."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -5428,299 +5819,299 @@ msgstr ""
"Faites attention avec cette option, elle peut fournir des accès non-prévus."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr "Par défaut : DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr "ipa_hbac_support_srchost (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr "ipa_netgroup_member_of (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr "ipa_netgroup_member_user (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -5731,7 +6122,7 @@ msgstr ""
"exemples montrent seulement les options spécifiques au fournisseur IPA."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -5745,7 +6136,7 @@ msgstr ""
" ipa_hostname = mon_hôte.exemple.com\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5840,11 +6231,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Par défaut : 0"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -6325,7 +6711,7 @@ msgstr ""
"valeur par défaut du système est utilisée."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6891,7 +7277,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6988,7 +7374,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -7039,7 +7425,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -7095,7 +7481,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -7198,7 +7584,7 @@ msgid "The SELinux user for the user's login."
msgstr "L'utilisateur SELinux pour la connexion utilisateur."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -7317,13 +7703,75 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
+#, fuzzy
+#| msgid ""
+#| "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
+"<option>-s</option>,<option>--shell</option> "
+"<replaceable>INTERPRÉTEUR_DE_COMMANDE</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+#, fuzzy
+#| msgid "<option>-f</option>,<option>--force</option>"
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr "<option>-f</option>,<option>--force</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+#, fuzzy
+#| msgid ""
+#| "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+#, fuzzy
+#| msgid "<option>-D</option>,<option>--daemon</option>"
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr "<option>-D</option>,<option>--daemon</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -7548,7 +7996,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr "Configuration"
@@ -7664,6 +8112,253 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+#, fuzzy
+#| msgid "Configuration"
+msgid "Advanced Configuration"
+msgstr "Configuration"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_min (integer)"
+msgstr "ldap_page_size (entier)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 10001"
+msgstr "Par défaut : 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_max (integer)"
+msgstr "ldap_page_size (entier)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 2000100000"
+msgstr "Par défaut : 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_size (integer)"
+msgstr "ldap_page_size (entier)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 200000"
+msgstr "Par défaut : 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr "ldap_default_bind_dn (chaîne)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain (string)"
+msgstr "ldap_default_bind_dn (chaîne)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+#, fuzzy
+#| msgid "The type of the authentication token of the default bind DN."
+msgid "Specify the name of the default domain."
+msgstr "Le type de jeton d'authentification pour le lien DN par défaut."
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+#, fuzzy
+#| msgid "ldap_id_use_start_tls (boolean)"
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr "ldap_id_use_start_tls (booléen)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -7783,3 +8478,33 @@ msgid ""
"<emphasis> This is an experimental feature, please use http://fedorahosted."
"org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
+
+#~ msgid "Default: 7"
+#~ msgstr "Par défaut : 7"
+
+#~ msgid "<quote>permit</quote> always allow access."
+#~ msgstr "<quote>permit</quote> autoriser l'accès de manière permanente."
diff --git a/src/man/po/ja.po b/src/man/po/ja.po
index ffa0e593f..40c9d4775 100644
--- a/src/man/po/ja.po
+++ b/src/man/po/ja.po
@@ -10,8 +10,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-09 23:57+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-23 00:55+0000\n"
"Last-Translator: Tomoyuki KATO <tomo@dream.daynight.jp>\n"
"Language-Team: Japanese <trans-ja@lists.fedoraproject.org>\n"
"Language: ja\n"
@@ -129,18 +129,18 @@ msgstr ""
"グループから削除します。"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "関連項目"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -264,7 +264,7 @@ msgid "The [sssd] section"
msgstr "[sssd] セクション"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr "セクションのパラメーター"
@@ -296,18 +296,21 @@ msgstr "sssd 自身が開始するときに開始されるサービスのカン
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
"サポートされるサービス: nss, pam <phrase condition=\"with_sudo\">, sudo</"
-"phrase>"
+"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
+"condition=\"with_ssh\">, ssh</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -316,17 +319,17 @@ msgstr ""
"める前に試行する回数です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "初期値: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr "domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -338,12 +341,12 @@ msgstr ""
"始できません。このパラメーターは検索したいドメインの一覧を表されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr "re_expression (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
@@ -352,7 +355,7 @@ msgstr ""
"を表す正規表現です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -363,7 +366,7 @@ msgstr ""
"everything after that\" に解釈されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -371,7 +374,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -380,12 +383,12 @@ msgstr ""
"Python 構文 (?P&lt;name&gt;) のみをサポートします。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr "full_name_format (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -396,17 +399,17 @@ msgstr ""
"citerefentry> 互換の形式です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "初期値: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr "try_inotify (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -419,7 +422,7 @@ msgstr ""
"フォールバックします。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -430,7 +433,7 @@ msgstr ""
"です"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -439,7 +442,7 @@ msgstr ""
"トフォームにおいては偽です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -448,12 +451,12 @@ msgstr ""
"ません。これらのプラットフォームにおいては、ポーリングが常に使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -462,7 +465,7 @@ msgstr ""
"クトリーです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -471,7 +474,7 @@ msgstr ""
"よう SSSD に指示する、特別な値 __LIBKRB5_DEFAULTS__ を受け付けます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -479,6 +482,29 @@ msgstr ""
"初期値: ディストリビューション固有かつ構築時に指定されます。 (設定されていな"
"ければ __LIBKRB5_DEFAULTS__ です)"
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "force_timeout (integer)"
+msgstr "timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr "初期値: 60"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -496,12 +522,12 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr "サービスセクション"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -513,61 +539,80 @@ msgstr ""
"ば、NSS サービスは <quote>[nss]</quote> セクションです"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr "サービス設定の全体オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr "これらのオプションはすべてのサービスを設定するために使用できます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr "debug_level (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr "デバッグメッセージに日時を追加します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr "初期値: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr "デバッグメッセージの日時にマイクロ秒を追加します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr "初期値: false"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
+msgstr "timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:278
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
+msgstr "初期値: 10"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:301
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:304
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -577,39 +622,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
+#: sssd.conf.5.xml:313
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
-msgstr "command (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-"初期状態で、このサービスを代表する実行可能なものは <command>sssd_"
-"${service_name}</command> と呼ばれます。このディレクティブにより、サービスの"
-"実行可能なものの名前を変更できます。設定の大半は、初期値で十分です。"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr "初期値: <command>sssd_${service_name}</command>"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr "NSS 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -617,12 +640,12 @@ msgstr ""
"きます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -631,17 +654,17 @@ msgstr ""
"要求)。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr "初期値: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -652,7 +675,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -667,7 +690,7 @@ msgstr ""
"とをブロックする必要がありません。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -680,17 +703,17 @@ msgstr ""
"(0 はこの機能を無効にします)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr "初期値: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -701,17 +724,17 @@ msgstr ""
"せ)をキャッシュする秒数を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr "初期値: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -724,17 +747,17 @@ msgstr ""
"飾名を含めることができます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr "初期値: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -742,62 +765,62 @@ msgstr ""
"ションを偽に設定します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr "override_homedir (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr "%u"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr "ログイン名"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr "UID 番号"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr "ドメイン名"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr "%f"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr "完全修飾ユーザー名 (user@domain)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr "%%"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr "文字 '%'"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -808,17 +831,42 @@ msgstr ""
"type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr "このオプションはドメインごとに設定できます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+#, fuzzy
+#| msgid "mail_dir (string)"
+msgid "fallback_homedir (string)"
+msgstr "mail_dir (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr "allowed_shells (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -826,13 +874,13 @@ msgstr ""
"す:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
"1. シェルが <quote>/etc/shells</quote> に存在すると、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -841,7 +889,7 @@ msgstr ""
"ば、shell_fallback パラメーターの値を使用します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -850,12 +898,12 @@ msgstr ""
"ば、nologin シェルが使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr "シェルの空文字列は libc にそのまま渡されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -865,27 +913,27 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr "初期値: 設定されません。ユーザーシェルが自動的に使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "これらのシェルのインスタンスをすべて shell_fallback に置き換えます"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr "shell_fallback (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -893,17 +941,52 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr "初期値: /bin/sh"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+#, fuzzy
+#| msgid "default_shell (string)"
+msgid "default_shell"
+msgstr "default_shell (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+#, fuzzy
+#| msgid "entry_negative_timeout (integer)"
+msgid "get_domains_timeout (int)"
+msgstr "entry_negative_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr "PAM 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -912,12 +995,12 @@ msgstr ""
"ために使用できます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -926,17 +1009,17 @@ msgstr ""
"ラインログインの最終成功からの日数)です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr "初期値: 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -944,12 +1027,12 @@ msgstr ""
"認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -958,7 +1041,7 @@ msgstr ""
"渡される分単位の時間です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -969,17 +1052,17 @@ msgstr ""
"効にできます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr "初期値: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -988,42 +1071,42 @@ msgstr ""
"きいほどメッセージが表示されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr "現在 sssd は以下の値をサポートします:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: 何もメッセージを表示しない"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: 重要なメッセージのみを表示する"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: 情報レベルのメッセージを表示する"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr "<emphasis>3</emphasis>: すべてのメッセージとデバッグ情報を表示する"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr "初期値: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1033,7 +1116,7 @@ msgstr ""
"されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1046,17 +1129,17 @@ msgstr ""
"アプリケーションごとに)制御します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (整数)"
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr "パスワードの期限が切れる前に N 日間警告を表示します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1065,28 +1148,42 @@ msgstr ""
"バックエンドのサーバーがパスワードの有効期間に関する情報を提供する必要がある"
"ことに注意してください。この情報がなければ、sssd は警告を表示します。"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
-msgstr "初期値: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "初期値: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr "SUDO 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr "これらのオプションは sudo サービスを設定するために使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr "sudo_cache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -1096,7 +1193,7 @@ msgstr ""
"セットを持つよう、SSSD はキャッシュされたルールを更新しようとします。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -1108,7 +1205,7 @@ msgstr ""
"応答を返すために使用されるインメモリーキャッシュを保持します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
@@ -1117,17 +1214,17 @@ msgstr ""
"位)を制御します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr "初期値: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr "sudo_timed (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1136,22 +1233,22 @@ msgstr ""
"を評価するかしないかです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr "Autofs 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr "これらのオプションが autofs サービスを設定するために使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1161,18 +1258,46 @@ msgstr ""
"効なマップエントリーに対する問い合わせ)が再びバックエンドに問い合わせる前に"
"ヒットする秒数を指定します。"
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "NSS configuration options"
+msgid "SSH configuration options"
+msgstr "NSS 設定オプション"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+#, fuzzy
+#| msgid "These options can be used to configure the sudo service."
+msgid "These options can be used to configure the SSH service."
+msgstr "これらのオプションは sudo サービスを設定するために使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+#, fuzzy
+#| msgid "sss_ssh_knownhostsproxy"
+msgid "ssh_hash_known_hosts (bool)"
+msgstr "sss_ssh_knownhostsproxy"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr "ドメインセクション"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1181,7 +1306,7 @@ msgstr ""
"トリーを含む場合、それは無視されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1193,36 +1318,17 @@ msgstr ""
"バーに対して、範囲内にあるものは予期されたものとして報告されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "初期値: min_id は 1, max_id は 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr "timeout (整数)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-"このドメインに対するハートビート間隔(秒単位)。バックエンドのプロセスが有効"
-"であり、要求に答えられる能力があることを確実にするために使用されます。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr "初期値: 10"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr "enumerate (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1231,22 +1337,22 @@ msgstr ""
"必要があります:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = ユーザーとグループが列挙されます"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = このドメインに対して列挙しません"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr "初期値: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1260,7 +1366,7 @@ msgstr ""
"は遅いかもしれません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1269,7 +1375,7 @@ msgstr ""
"れが完了するまで結果を返しません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1282,12 +1388,12 @@ msgstr ""
"てください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1296,17 +1402,17 @@ msgstr ""
"数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr "初期値: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -1315,18 +1421,18 @@ msgstr ""
"考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr "初期値: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -1335,12 +1441,12 @@ msgstr ""
"考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -1349,12 +1455,12 @@ msgstr ""
"有効であると考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -1363,30 +1469,30 @@ msgstr ""
"考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr "cache_credentials (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかどうか"
"を決めます"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"ユーザーのクレディンシャルが、平文ではなく SHA512 ハッシュで保存されます"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1398,48 +1504,85 @@ msgstr ""
"offline_credentials_expiration と同等以上でなければいけません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr "初期値: 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+#, fuzzy
+#| msgid "pam_pwd_expiration_warning (integer)"
+msgid "pwd_expiration_warning (integer)"
+msgstr "pam_pwd_expiration_warning (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+#, fuzzy
+#| msgid ""
+#| "Please note that the backend server has to provide information about the "
+#| "expiration time of the password. If this information is missing, sssd "
+#| "cannot display a warning."
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+"バックエンドのサーバーがパスワードの有効期間に関する情報を提供する必要がある"
+"ことに注意してください。この情報がなければ、sssd は警告を表示します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+#, fuzzy
+#| msgid "Default: memberHost"
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr "初期値: memberHost"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr "id_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
"このドメインに対して使用するデータプロバイダーの識別情報のバックエンドです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr "サポートするバックエンド:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr "proxy: レガシーな NSS プロバイダーのサポート"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr "local: SSSD 内部ローカルプロバイダー"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr "ldap: LDAP プロバイダー"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1452,12 +1595,12 @@ msgstr ""
"んが、<command>getent passwd test@LOCAL</command> は見つけられます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr "auth_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1466,7 +1609,7 @@ msgstr ""
"ダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1477,7 +1620,7 @@ msgstr ""
"manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1488,19 +1631,19 @@ msgstr ""
"manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
"<quote>proxy</quote> はいくつかの他の PAM ターゲットに認証を中継します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> は明示的に認証を無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -1509,12 +1652,12 @@ msgstr ""
"ならば、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr "access_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1525,17 +1668,19 @@ msgstr ""
"えます)。内部の特別プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
-msgstr "<quote>permit</quote> は常にアクセスを許可します。"
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> は常にアクセスを拒否します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1548,17 +1693,17 @@ msgstr ""
"citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr "初期値: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr "chpass_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -1567,7 +1712,7 @@ msgstr ""
"パスワード変更プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1578,7 +1723,7 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1589,7 +1734,7 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1600,7 +1745,7 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
@@ -1608,12 +1753,12 @@ msgstr ""
"します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -1622,19 +1767,19 @@ msgstr ""
"うことができるならば、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr "sudo_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー"
"は次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1645,23 +1790,23 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote> は SUDO を明示的に無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"初期値: <quote>id_provider</quote> の値が設定されていると使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr "session_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
@@ -1670,7 +1815,7 @@ msgstr ""
"ンプロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1681,13 +1826,13 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
"<quote>none</quote> はセッションの設定の取り出しを明示的に無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
@@ -1696,12 +1841,122 @@ msgstr ""
"いできる場合、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+#, fuzzy
+#| msgid "sudo_provider (string)"
+msgid "subdomains_provider (string)"
+msgstr "sudo_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+#, fuzzy
+#| msgid ""
+#| "The provider which should handle loading of session settings. Supported "
+#| "session providers are:"
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+"セッションの設定の読み込みを処理するプロバイダーです。サポートされるセッショ"
+"ンプロバイダーは次のとおりです:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to load session settings from an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+"<quote>ipa</quote> は IPA サーバーからセッションの設定を読み込みます。IPA の"
+"設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+#, fuzzy
+#| msgid "<quote>none</quote> disallows fetching session settings explicitly."
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+"<quote>none</quote> はセッションの設定の取り出しを明示的に無効化します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr "初期値: none"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr "autofs_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+"ドメインに対して使用される autofs プロバイダーです。 サポートされる autofs "
+"プロバイダーは次のとおりです:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr "<quote>none</quote> は明示的に autofs を無効にします。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr "hostid_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+"ホスト識別情報を取得するために使用されるプロバイダーです。 サポートされる "
+"hostid プロバイダーは次のとおりです:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr "<quote>none</quote> は明示的に hostid を無効にします。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -1710,46 +1965,46 @@ msgstr ""
"します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr "サポートする値:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr "初期値: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1760,12 +2015,12 @@ msgstr ""
"ドにて操作を継続します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -1774,27 +2029,27 @@ msgstr ""
"イン部分を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr "初期値: マシンのホスト名のドメイン部分を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr "override_gid (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr "プライマリー GID の値を指定されたもので上書きします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
@@ -1803,12 +2058,46 @@ msgstr ""
"このオプションはローカルプロバイダーにおいてサポートされません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr "初期値: True"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+#, fuzzy
+#| msgid "override_homedir (string)"
+msgid "subdomain_homedir (string)"
+msgstr "override_homedir (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1819,17 +2108,17 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr "中継するプロキシターゲット PAM です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -1838,12 +2127,12 @@ msgstr ""
"をここに追加する必要があります。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1854,7 +2143,7 @@ msgstr ""
"_nss_files_getpwent です。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -1863,12 +2152,12 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr "ローカルドメインのセクション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1879,27 +2168,27 @@ msgstr ""
"メインに対する設定を含みます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr "default_shell (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr "SSSD ユーザー空間ツールを用いて作成されたユーザーの初期シェルです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr "初期値: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr "base_directory (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -1908,17 +2197,17 @@ msgstr ""
"ホームディレクトリーとして使用します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr "初期値: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr "create_homedir (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -1927,17 +2216,17 @@ msgstr ""
"す。コマンドラインにおいて上書きできます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr "初期値: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr "remove_homedir (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -1946,12 +2235,12 @@ msgstr ""
"す。コマンドラインにおいて上書きできます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr "homedir_umask (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1962,17 +2251,17 @@ msgstr ""
"manvolnum> </citerefentry> により使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr "初期値: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr "skel_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1985,17 +2274,17 @@ msgstr ""
"を含む、スケルトンディレクトリーです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr "初期値: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr "mail_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2006,17 +2295,17 @@ msgstr ""
"が使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr "初期値: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2027,18 +2316,18 @@ msgstr ""
"せん。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr "初期値: なし、コマンドを実行しません"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "例"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2092,7 +2381,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2104,7 +2393,7 @@ msgstr ""
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2337,16 +2626,28 @@ msgstr "ldap_schema (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:161
+#, fuzzy
+#| msgid ""
+#| "Specifies the Schema Type in use on the target LDAP server. Depending on "
+#| "the selected schema, the default attribute names retrieved from the "
+#| "servers may vary. The way that some attributes are handled may also "
+#| "differ. Three schema types are currently supported: rfc2307 rfc2307bis "
+#| "IPA The main difference between these schema types is how group "
+#| "memberships are recorded in the server. With rfc2307, group members are "
+#| "listed by name in the <emphasis>memberUid</emphasis> attribute. With "
+#| "rfc2307bis and IPA, group members are listed by DN and stored in the "
+#| "<emphasis>member</emphasis> attribute."
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
"ターゲット LDAP サーバーにおいて使用中のスキーマ形式を指定します。選択された"
"スキーマに応じて、サーバーから取得される属性名の初期変わります。処理されるい"
@@ -2358,57 +2659,57 @@ msgstr ""
"化され、<emphasis>member</emphasis> 属性に保存されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr "初期値: rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr "ldap_default_bind_dn (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr "LDAP ユーザー操作を実行するために使用される初期バインド DN です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr "ldap_default_authtok_type (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr "初期バインド DN の認証トークンの形式です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr "現在 2 つのメカニズムがサポートされます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr "password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr "obfuscated_password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr "初期値: password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr "ldap_default_authtok (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
@@ -2417,149 +2718,171 @@ msgstr ""
"在サポートされます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr "ldap_user_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr "LDAP にあるユーザーエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr "初期値: posixAccount"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr "ldap_user_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr "ユーザーのログイン名に対応する LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr "初期値: uid"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr "ldap_user_uid_number (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr "ユーザーの ID に対応する LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr "初期値: uidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr "ldap_user_gid_number (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr "ユーザーのプライマリーグループ ID に対応する LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr "初期値: gidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr "ldap_user_gecos (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr "ユーザーの gecos 項目に対応する LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr "初期値: gecos"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr "ldap_user_home_directory (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr "ユーザーのホームディレクトリーの名前を含む LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr "初期値: homeDirectory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr "ldap_user_shell (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr "ユーザーの初期シェルのパスを含む LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr "初期値: loginShell"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr "ldap_user_uuid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr "LDAP ユーザーオブジェクトの UUID/GUID を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr "初期値: nsUniqueId"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+#, fuzzy
+#| msgid "ldap_user_object_class (string)"
+msgid "ldap_user_objectsid (string)"
+msgstr "ldap_user_object_class (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr "LDAP ユーザーオブジェクトの UUID/GUID を含む LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr "親オブジェクトの最終変更のタイムスタンプを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr "初期値: modifyTimestamp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr "ldap_user_shadow_last_change (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2572,17 +2895,17 @@ msgstr ""
"含みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr "初期値: shadowLastChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr "ldap_user_shadow_min (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2595,17 +2918,17 @@ msgstr ""
"みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr "初期値: shadowMin"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr "ldap_user_shadow_max (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2618,17 +2941,17 @@ msgstr ""
"みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr "初期値: shadowMax"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr "ldap_user_shadow_warning (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2641,17 +2964,17 @@ msgstr ""
"みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr "初期値: shadowWarning"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr "ldap_user_shadow_inactive (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2664,17 +2987,17 @@ msgstr ""
"みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr "初期値: shadowInactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr "ldap_user_shadow_expire (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2687,17 +3010,17 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr "初期値: shadowExpire"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr "ldap_user_krb_last_pwd_change (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2707,17 +3030,17 @@ msgstr ""
"の最終パスワード変更日時を保存する LDAP 属性の名前を含みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr "初期値: krbLastPwdChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr "ldap_user_krb_password_expiration (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
@@ -2726,17 +3049,17 @@ msgstr ""
"ワード失効日時を保存する LDAP 属性の名前を含みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr "初期値: krbPasswordExpiration"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr "ldap_user_ad_account_expires (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
@@ -2745,17 +3068,17 @@ msgstr ""
"失効日時を保存する LDAP 属性の名前を含みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr "初期値: accountExpires"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr "ldap_user_ad_user_account_control (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
@@ -2764,17 +3087,17 @@ msgstr ""
"ウントの制御ビット項目を保存する LDAP 属性の名前を含みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr "初期値: userAccountControl"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr "ldap_ns_account_lock (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
@@ -2783,17 +3106,17 @@ msgstr ""
"ターがアクセスが許可されるかされないかを決定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr "初期値: nsAccountLock"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr "ldap_user_nds_login_disabled (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
@@ -2802,17 +3125,17 @@ msgstr ""
"かをこの属性が決定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr "初期値: loginDisabled"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr "ldap_user_nds_login_expiration_time (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
@@ -2821,12 +3144,12 @@ msgstr ""
"いつまで許可されるのかを決定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr "ldap_user_nds_login_allowed_time_map (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
@@ -2835,44 +3158,44 @@ msgstr ""
"れるときの一週間の日の時間を決定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr "初期値: loginAllowedTimeMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr "ldap_user_principal (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr "ユーザーの Kerberos User Principal Name (UPN) を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr "初期値: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr "ldap_user_ssh_public_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr "ユーザーの SSH 公開鍵を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2884,12 +3207,12 @@ msgstr ""
"場合、このオプションを 0 以外に設定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
@@ -2897,17 +3220,17 @@ msgstr ""
"SSSD が列挙レコードのキャッシュを更新する前に待つ必要がある秒数を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr "初期値: 300"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr "ldap_purge_cache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2918,54 +3241,54 @@ msgstr ""
"削除する間隔を決めます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr "キャッシュ削除操作を無効にする 0 をこのオプションを設定する方法です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr "初期値: 10800 (12 時間)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "ユーザーの完全名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr "初期値: cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr "ldap_user_member_of (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr "ユーザーのグループメンバーを一覧にする LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr "初期値: memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr "ldap_user_authorized_service (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2976,7 +3299,7 @@ msgstr ""
"authorizedService 属性を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
@@ -2985,17 +3308,17 @@ msgstr ""
"索します。最後にすべて許可 (*) を検索します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr "初期値: authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3006,7 +3329,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
@@ -3015,82 +3338,99 @@ msgstr ""
"索します。最後にすべて許可 (*) が検索されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr "初期値: host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr "ldap_group_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr "LDAP にあるグループエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr "初期値: posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr "ldap_group_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr "グループ名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr "ldap_group_gid_number (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr "グループの ID に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr "ldap_group_member (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr "グループのメンバーの名前を含む LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr "初期値: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr "ldap_group_uuid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr "LDAP グループオブジェクトの UUID/GUID を含む LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+#, fuzzy
+#| msgid "ldap_group_object_class (string)"
+msgid "ldap_group_objectsid (string)"
+msgstr "ldap_group_object_class (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr "LDAP グループオブジェクトの UUID/GUID を含む LDAP の属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr "ldap_group_modify_timestamp (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3101,74 +3441,74 @@ msgstr ""
"のオプションは RFC2307 スキーマにおいて効果がありません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr "初期値: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr "LDAP にあるネットワークグループエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
"IPA プロバイダーにおいては ipa_netgroup_object_class が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr "初期値: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "ネットワークグループ名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr "IPA プロバイダーにおいては ipa_netgroup_name が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "ネットワークグループのメンバーの名前を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
"IPA プロバイダーにおいては ipa_netgroup_member が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr "初期値: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -3176,110 +3516,110 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr "初期値: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
"LDAP ネットワークグループオブジェクトの UUID/GUID を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr "IPA プロバイダーにおいては ipa_netgroup_uuid が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr "LDAP にあるサービスエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr "初期値: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr "サービス属性の名前とそのエイリアスを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "このサービスにより管理されるポートを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr "初期値: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr "このサービスにより認識されるプロトコルを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr "初期値: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
"サービス検索を指定したサブツリーに制限するためのオプションのベース DN です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -3288,19 +3628,19 @@ msgstr ""
"してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "初期値: <emphasis>ldap_search_base</emphasis> の値"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3308,7 +3648,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3319,35 +3659,30 @@ msgstr ""
"かもしれません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr "初期値: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr "初期値: 60"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3363,12 +3698,12 @@ msgstr ""
"citerefentry> が未使用を返した後のタイムアウト(秒単位)を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3378,12 +3713,12 @@ msgstr ""
"を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3392,17 +3727,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr "初期値: 900 (15 分)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -3411,17 +3746,17 @@ msgstr ""
"バーは 1 要求あたりの最大数の制限を強制します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr "初期値: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
+msgstr "ldap_disable_paging (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3432,7 +3767,7 @@ msgstr ""
"ことを報告する場合に、このオプションが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -3442,7 +3777,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -3452,13 +3787,36 @@ msgstr ""
"負荷の高いクライアントにおいては、いくつかの要求が拒否される結果になる可能性"
"があります。"
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr "初期値: 偽"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr "ldap_sasl_minssf (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3466,13 +3824,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3481,7 +3839,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3489,12 +3847,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -3503,7 +3861,7 @@ msgstr ""
"クするものを指定します。以下の値のうち 1 つを指定できます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -3512,7 +3870,7 @@ msgstr ""
"確認しません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3523,7 +3881,7 @@ msgstr ""
"無視され、セッションが通常通り進められます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3534,7 +3892,7 @@ msgstr ""
"ンが直ちに終了します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3544,22 +3902,22 @@ msgstr ""
"なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr "初期値: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -3569,7 +3927,7 @@ msgstr ""
"書を含むファイルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -3578,12 +3936,12 @@ msgstr ""
"filename> にあります"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3596,38 +3954,39 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr "クライアントのキーに対する証明書を含むファイルを指定します。"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr "初期値: 設定されません"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr "クライアントのキーを含むファイルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3638,12 +3997,12 @@ msgstr ""
"<manvolnum>5</manvolnum></citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -3652,12 +4011,32 @@ msgstr ""
"用する必要がある id_provider 接続を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1318
+#, fuzzy
+#| msgid "ldap_disable_paging (boolean)"
+msgid "ldap_id_mapping (boolean)"
+msgstr "ldap_disable_paging (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1321
+msgid ""
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1337
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1340
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -3665,18 +4044,13 @@ msgstr ""
"使用する SASL メカニズムを指定します。現在 GSSAPI のみがテストされサポートさ"
"れます。"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr "初期値: none"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
@@ -3685,17 +4059,17 @@ msgstr ""
"めに使用される Kerberos プリンシパルをディレクトリーに表現されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr "初期値: host/machine.fqdn@REALM"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -3704,33 +4078,33 @@ msgstr ""
"するために逆引きを実行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr "初期値: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "SASL/GSSAPI を使用するときに使用するキーテーブルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3741,27 +4115,27 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "GSSAPI が使用されている場合、TGT の有効期間を秒単位で指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr "初期値: 86400 (24 時間)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr "krb5_server (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3773,7 +4147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3784,7 +4158,7 @@ msgstr ""
"ば _tcp にフォールバックします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3795,39 +4169,41 @@ msgstr ""
"quote> を使用するよう設定ファイルを移行することが推奨されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "(SASL/GSSAPI 認証向け) Kerberos レルムを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
+"LDAP サーバーに接続するとき、ホストのプリンシパルが正規化されるかどうかを指定"
+"します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -3836,7 +4212,7 @@ msgstr ""
"す。以下の値が許容されます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -3845,7 +4221,7 @@ msgstr ""
"ンはサーバー側のパスワードポリシーを無効にできません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3856,7 +4232,7 @@ msgstr ""
"manvolnum></citerefentry> 形式の属性を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3867,17 +4243,17 @@ msgstr ""
"とき、これらの属性を更新するために chpass_provider=krb5 を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr "自動参照追跡が有効化されるかを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -3885,29 +4261,38 @@ msgstr ""
"OpenLDAP バージョン 2.4.13 およびそれ以降とともにコンパイルされているとき、 "
"sssd のみが参照追跡をサポートすることに注意してください。"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"サービス検索が有効にされているときに使用するサービスの名前を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr "初期値: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -3916,37 +4301,32 @@ msgstr ""
"を検索するために使用するサービスの名前を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
-"access_provider = ldap を使用しているならば、このオプションは必須です。このホ"
-"ストにおいてアクセスが許可されるユーザーに対して満たされる必要がある LDAP 検"
-"索フィルター基準を指定します。 access_provider = ldap かつこのオプションが設"
-"定されていないと、すべてのユーザーがアクセスを拒否される結果になります。この"
-"初期値による動作を変更するには access_provider = allow を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr "例:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3958,7 +4338,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
@@ -3967,26 +4347,30 @@ msgstr ""
"ンバーに制限されることを意味します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
"access during their last login, they will continue to be granted access "
"while offline and vice-versa."
msgstr ""
+"この機能に対するオフラインキャッシュは、ユーザーの最終オンラインログインがア"
+"クセス権を許可されたかどうかを決めることに制限されます。採集ログインの間にア"
+"クセスが許可されていると、オフラインの間にアクセスが許可され続けます。逆もま"
+"た同様です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr "初期値: 空白"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -3995,7 +4379,7 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4006,12 +4390,12 @@ msgstr ""
"否します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr "以下の値が許可されます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -4020,7 +4404,7 @@ msgstr ""
"ldap_user_shadow_expire の値を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4029,7 +4413,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4040,7 +4424,7 @@ msgstr ""
"ldap_ns_account_lock の値を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4053,28 +4437,28 @@ msgstr ""
"クセスが許可されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -4083,30 +4467,30 @@ msgstr ""
"authorizedService 属性を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr "初期値: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr "値が複数使用されていると設定エラーになることに注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr "ldap_deref (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -4115,12 +4499,12 @@ msgstr ""
"ションが許容されます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -4129,7 +4513,7 @@ msgstr ""
"決されますが、検索のベースオブジェクトの位置を探すときはされません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -4138,7 +4522,7 @@ msgstr ""
"すときのみ参照解決されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -4147,7 +4531,7 @@ msgstr ""
"きも位置を検索するときも参照解決されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -4171,57 +4555,57 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr "SUDO オプション"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr "LDAP にある sudo ルールエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr "初期値: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "sudo ルール名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr "コマンド名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr "初期値: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -4230,17 +4614,17 @@ msgstr ""
"クグループ)に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr "初期値: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -4249,49 +4633,49 @@ msgstr ""
"る LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr "初期値: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "sudo オプションに対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr "初期値: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr "コマンドを実行するユーザー名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr "初期値: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -4299,34 +4683,34 @@ msgstr ""
"コマンドを実行するグループ名またはグループの GID に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr "初期値: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr "sudo ルールが有効になる開始日時に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr "初期値: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
@@ -4335,32 +4719,32 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr "初期値: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "ルールの並び替えインデックスに対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr "初期値: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr "ldap_sudo_refresh_enabled (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
@@ -4369,24 +4753,24 @@ msgstr ""
"れの更新前に掃除されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr "ldap_sudo_refresh_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
"SSSD が sudo ルールのキャッシュを更新する前に待たなければいけない秒数です。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4398,59 +4782,59 @@ msgstr ""
"refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr "AUTOFS オプション"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr "初期値は RFC2307 の標準スキーマに対応することに注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr "LDAP にある automount マップエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr "初期値: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr "LDAP における automount のマップエントリーの名前です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr "初期値: ou"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -4459,17 +4843,17 @@ msgstr ""
"ントと対応します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr "初期値: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -4482,17 +4866,17 @@ msgstr ""
"\"variablelist\" id=\"4\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr "高度なオプション"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
@@ -4500,34 +4884,34 @@ msgstr ""
"ス DN です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
"ユーザーの検索を特定のサブツリーに制限するためのオプションのベース DN です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
"グループの検索を特定のサブツリーに制限するためのオプションのベース DN です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr "ldap_user_search_filter (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
@@ -4536,7 +4920,7 @@ msgstr ""
"定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
@@ -4545,7 +4929,7 @@ msgstr ""
"<emphasis>廃止されます</emphasis>。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -4555,7 +4939,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
@@ -4564,12 +4948,12 @@ msgstr ""
"制限されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr "ldap_group_search_filter (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
@@ -4578,7 +4962,7 @@ msgstr ""
"定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
@@ -4587,12 +4971,12 @@ msgstr ""
"<emphasis>廃止されます</emphasis>。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
@@ -4600,12 +4984,12 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
@@ -4613,7 +4997,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4624,7 +5008,7 @@ msgstr ""
"さい。 <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4635,7 +5019,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4656,19 +5040,19 @@ msgstr ""
" cache_credentials = true\n"
" enumerate = true\n"
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr "注記"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4681,7 +5065,7 @@ msgstr ""
"づいています。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -4815,6 +5199,10 @@ msgid ""
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."
msgstr ""
+"このオプションは、アプリケーションが呼び出す PAM が自身においてユーザーダイア"
+"ログを処理すると仮定して動作しません。典型的な例は "
+"<option>PasswordAuthentication</option> を用いた <command>sshd</command> で"
+"す。"
#. type: Content of: <reference><refentry><refsect1><title>
#: pam_sss.8.xml:110
@@ -4842,6 +5230,9 @@ msgid ""
"does not support password resets, an individual message can be displayed. "
"This message can e.g. contain instructions about how to reset a password."
msgstr ""
+"対応する SSSD プロバイダーがパスワードリセットをサポートしないため、root によ"
+"るパスワードリセットが失敗すると、それぞれのメッセージが表示されます。たとえ"
+"ば、このメッセージはパスワードをリセットする方法に関する説明があります。"
#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:123
@@ -4906,6 +5297,12 @@ msgid ""
"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry> は、レルム、および KDC の名前または IP アドレスを、それぞれ "
+"SSSD_KRB5_REALM および SSSD_KRB5_KDC の中に置きます。"
+"<command>sssd_krb5_locator_plugin</command> が Kerberos ライブラリーにより呼"
+"び出されるとき、それがこれらの変数を読み込み、評価し、ライブラリーに返しま"
+"す。"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:63
@@ -4914,6 +5311,10 @@ msgid ""
"<command>sssd_krb5_locator_plugin</command> is not available on your system "
"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
msgstr ""
+"すべての Kerberos 実装がプラグインの使用をサポートしているとは限りません。 "
+"<command>sssd_krb5_locator_plugin</command> がシステムにおいて利用可能でなけ"
+"れば、Kerberos の構築を反映するように /etc/krb5.conf を編集する必要がありま"
+"す。"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:69
@@ -5152,6 +5553,11 @@ msgid ""
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
"provider with some exceptions described below."
msgstr ""
+"IPA プロバイダーは <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> 識別プロバイダーおよび "
+"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> 認証プロバイダーにより使用されるものと同じオプショ"
+"ンを受け付けます。いくつかの例外は以下に説明されています。"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:55
@@ -5162,6 +5568,12 @@ msgid ""
"freeipa.org for more information about HBAC. No configuration of access "
"provider is required on the client side."
msgstr ""
+"しかし、これらのオプションを設定することは必要ありません、また推奨もされませ"
+"ん。IPA プロバイダーはアクセスプロバイダーおよびパスワード変更プロバイダーと"
+"しても使用できます。アクセスプロバイダーとしては、HBAC (ホストベースアクセス"
+"制御) ルールを使用します。HBAC の詳細は freeipa.org を参照してください。アク"
+"セスプロバイダーが設定されていなければ、クライアント側において必要になりま"
+"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:72
@@ -5302,12 +5714,35 @@ msgstr ""
"して使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "ipa_subdomains_search_base (string)"
+msgstr "ipa_hbac_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+#, fuzzy
+#| msgid "Optional. Use the given string as search base for host objects."
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+"オプションです。ホストオブジェクトの検索ベースとして与えられた文字列を使用し"
+"ます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+#, fuzzy
+#| msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr "初期値: <emphasis>ldap_search_base</emphasis> の値"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -5315,7 +5750,7 @@ msgstr ""
"取得された TGT が改ざんされていないかを krb5_keytab の支援で確認します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -5324,7 +5759,7 @@ msgstr ""
"してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -5333,7 +5768,7 @@ msgstr ""
"quote> の値です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -5342,7 +5777,7 @@ msgstr ""
"めに使用するベース DN に変換されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5352,12 +5787,12 @@ msgstr ""
"するかを指定します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -5365,17 +5800,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr "初期値: 5 (秒)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5389,7 +5824,7 @@ msgstr ""
"操作をサポートします:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -5398,7 +5833,7 @@ msgstr ""
"てのユーザーがアクセスを拒否されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -5408,17 +5843,17 @@ msgstr ""
"注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr "初期値: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr "ipa_hbac_support_srchost (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
@@ -5427,7 +5862,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
@@ -5437,37 +5872,37 @@ msgstr ""
"ようになることに注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr "ipa_automount_location (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr "この IPA クライアントが使用する automounter の場所です"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr "初期値: \"default\" という名前の場所"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr "ipa_netgroup_member_of (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr "ネットワークグループのメンバーを一覧にする LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr "ipa_netgroup_member_user (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
@@ -5476,17 +5911,17 @@ msgstr ""
"る LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr "初期値: memberUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr "ipa_netgroup_member_host (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
@@ -5495,17 +5930,17 @@ msgstr ""
"LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr "初期値: memberHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr "ipa_netgroup_member_ext_host (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
@@ -5514,100 +5949,100 @@ msgstr ""
"る LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr "初期値: externalHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr "ipa_netgroup_domain (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr "ネットワークグループの NIS ドメイン名を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr "初期値: nisDomainName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr "ipa_host_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr "LDAP にあるホストエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr "初期値: ipaHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr "ipa_host_fqdn (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr "ホストの FQDN を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr "初期値: fqdn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr "ipa_selinux_usermap_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr "ipa_selinux_usermap_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr "SELinux ユーザーマップの名前を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr "ipa_selinux_usermap_member_user (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr "このルールが一致するすべてのユーザー・グループを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr "ipa_selinux_usermap_member_host (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr "このルールが一致するホスト・ホストグループを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr "ipa_selinux_usermap_see_also (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
@@ -5616,32 +6051,32 @@ msgstr ""
"む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr "初期値: seeAlso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr "ipa_selinux_usermap_selinux_user (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr "SELinux ユーザー文字列自身を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr "初期値: ipaSELinuxUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr "ipa_selinux_usermap_enabled (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
@@ -5649,72 +6084,72 @@ msgstr ""
"ユーザーマップが使用するために有効化されているかどうかを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr "初期値: ipaEnabledFlag"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr "ipa_selinux_usermap_user_category (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr "'all' のようなユーザーカテゴリーを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr "初期値: userCategory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr "ipa_selinux_usermap_host_category (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr "'all' のようなホストカテゴリーを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr "初期値: hostCategory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr "ipa_selinux_usermap_uuid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr "ユーザーマップの一意な ID を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr "初期値: ipaUniqueID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr "ipa_host_ssh_public_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr "ホストの SSH 公開鍵を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr "初期値: ipaSshPubKey"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -5725,7 +6160,7 @@ msgstr ""
"例は IPA プロバイダー固有のオプションのみを示しています。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -5739,7 +6174,7 @@ msgstr ""
" ipa_hostname = myhost.example.com\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5785,6 +6220,13 @@ msgid ""
"FreeIPA. It provides a more robust database to store local users as well as "
"extended user data."
msgstr ""
+"<command>SSSD</command> はリモートディレクトリーへのアクセスと認証メカニズム"
+"を管理するための一組のデーモンを提供します。システムへの NSS と PAM インター"
+"フェースを提供します。また、D-Bus インターフェースのように複数の異なるアカウ"
+"ントソースに接続するための取り外し可能なバックエンドシステムを提供します。ク"
+"ライアント監査、およびFreeIPA のようなプロジェクトに対するポリシーサービスを"
+"提供する基礎となります。ローカルユーザーだけでなく拡張ユーザーデータを保存す"
+"るためのより強靭なデータベースを提供します。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:46
@@ -5828,11 +6270,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr "<emphasis>0</emphasis>: 日時でマイクロ秒を無効にします"
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr "初期値: 0"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5845,6 +6282,9 @@ msgid ""
"are stored in <filename>/var/log/sssd</filename> and there are separate log "
"files for every SSSD service and domain."
msgstr ""
+"デバッグ出力を標準エラーの代わりにファイルに送信します。初期状態で、ログファ"
+"イルは <filename>/var/log/sssd</filename> に保存され、すべての SSSD サービス"
+"とドメインに対して別々のログファイルがあります。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:97
@@ -6042,6 +6482,10 @@ msgid ""
"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
"advised."
msgstr ""
+"パスワードをわかりにくくすることは、攻撃者がパスワードをリバースエンジニアリ"
+"ングできるので <emphasis>実際にセキュリティの便益</emphasis> は提供されませ"
+"ん。クライアントサイド証明書や GSSAPI のようなより良い認証機構を使用すること"
+"を <emphasis>強く</emphasis> 推奨します。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_obfuscate.8.xml:63
@@ -6295,7 +6739,7 @@ msgstr ""
"値を使います。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6351,6 +6795,13 @@ msgid ""
"page for the applicable identity provider for details on how to configure "
"this."
msgstr ""
+"Kerberos 5 認証バックエンドは認証プロバイダーおよびパスワード変更プロバイダー"
+"を含みます。正しく機能するためには識別プロダイバーと組み合わせて使用する必要"
+"があります (たとえば、id_provider = ldap)。Kerberos 5 認証バックエンドにより"
+"必要とされるいくつかの情報は、ユーザーの Kerberos プリンシパル名 (UPN) のよう"
+"な、識別プロバイダーにより提供される必要があります。識別プロバイダーの設定は "
+"UPN を指定するためのエントリーがある必要があります。これを設定する方法に関す"
+"る詳細は適用可能な識別プロバイダーのマニュアルページを参照してください。"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:47
@@ -6362,6 +6813,12 @@ msgid ""
"To activate this feature use 'access_provider = krb5' in your sssd "
"configuration."
msgstr ""
+"このバックエンドは、ユーザーのホームディレクトリーにある .k5login ファイルに"
+"基づいたアクセス制御を提供します。詳細は <citerefentry> <refentrytitle>."
+"k5login</refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してく"
+"ださい。空の .k5login ファイルがあると、このユーザーに対するすべてのアクセス"
+"が拒否されます。この機能を有効にするには、SSSD 設定において 'access_provider "
+"= krb5' を使用します。"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:55
@@ -6393,6 +6850,9 @@ msgid ""
"can be defined here. An optional port number (preceded by a colon) may be "
"appended to the addresses or hostnames."
msgstr ""
+"パスワード変更サービスが KDC において実行されていなければ、代替サーバーがここ"
+"で指定できます。オプションのポート番号が(コロンに続けて)アドレスまたはホス"
+"ト名に追加できます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:122
@@ -6402,6 +6862,10 @@ msgid ""
"kpasswd servers to try the back end is not switch to offline if "
"authentication against the KDC is still possible."
msgstr ""
+"フェイルオーバーとサーバー冗長性に関する詳細は、<quote>フェイルオーバー</"
+"quote>のセクションを参照してください。KDC に対する認証がまだ可能であるなら"
+"ば、たとえすべての kpasswd サーバーがなかったとしても、バックエンドをオフライ"
+"ンに切り替えないことに注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:129
@@ -6424,6 +6888,13 @@ msgid ""
"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
"citerefentry> for details) is created."
msgstr ""
+"クレディンシャルキャッシュを保存するディレクトリーです。すべての "
+"krb5_ccname_template の置換シーケンスが、%d と %P を除き、ここで使用できま"
+"す。ディレクトリーが存在しなければ、作成されます。%u, %U, %p または %h が使用"
+"されていると、ユーザーが所属するプライベートディレクトリーが作成されます。そ"
+"うでなければ、削除制限フラグ(つまりスティッキービットです、詳細は "
+"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
+"</citerefentry> を参照してください)を持つ公開ディレクトリーが作成されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:151
@@ -6494,6 +6965,11 @@ msgid ""
"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
"way."
msgstr ""
+"ユーザーのクレディンシャルキャッシュの位置です。現在、ファイルベースのクレ"
+"ディンシャルキャッシュのみがサポートされます。テンプレートにおいて、以下の"
+"シーケンスが置換されます: <placeholder type=\"variablelist\" id=\"0\"/> テン"
+"プレートが 'XXXXXX' で終わっていると、 mkstemp(3) が安全な方法で一意なファイ"
+"ル名を作成するために使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:209
@@ -6554,6 +7030,9 @@ msgid ""
"Passwords stored in this way are kept in plaintext in the kernel keyring and "
"are potentially accessible by the root user (with difficulty)."
msgstr ""
+"この機能は現在 Linux プラットフォームにおいてのみ利用可能なことに注意してくだ"
+"さい。この方法で保存したパスワードは、カーネルのキーリングに平文で保持され、"
+"潜在的に root ユーザーによりアクセスできる可能性があります(難しいです)。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:275
@@ -6761,6 +7240,9 @@ msgid ""
"example shows only configuration of Kerberos authentication, it does not "
"include any identity provider."
msgstr ""
+"以下の例は、SSSD が正しく設定され、FOO が <replaceable>[sssd]</replaceable> "
+"セクションにあるドメインの 1 つであると仮定しています。この例は Kerberos 認証"
+"の設定のみを示し、識別プロバイダーを何も含みません。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-krb5.5.xml:442
@@ -6838,7 +7320,7 @@ msgstr ""
"いと、自動的に選択されます。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6944,7 +7426,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr "実際にユーザーを削除する前に、そのプロセスをすべて停止します。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6997,7 +7479,7 @@ msgstr ""
"り識別されるグループをシステムから削除します。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -7065,7 +7547,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -7171,7 +7653,7 @@ msgid "The SELinux user for the user's login."
msgstr "ユーザーのログインのための SELinux ユーザーです。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -7305,6 +7787,85 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
+#, fuzzy
+#| msgid ""
+#| "<option>-u</option>,<option>--user</option> <replaceable>login</"
+#| "replaceable>"
+msgid ""
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
+"replaceable>"
+msgstr ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+#, fuzzy
+#| msgid "Invalidate specific user."
+msgid "Invalidate specific service."
+msgstr "特定のユーザーを無効にします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+#, fuzzy
+#| msgid "<option>-U</option>,<option>--users</option>"
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr "<option>-U</option>,<option>--users</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+"すべてのユーザーレコードを無効にします。このオプションも設定されていると、こ"
+"れが特定のユーザーの無効化を上書きします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+#| "replaceable>"
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+#, fuzzy
+#| msgid "Invalidate specific user."
+msgid "Invalidate specific autofs maps."
+msgstr "特定のユーザーを無効にします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+#, fuzzy
+#| msgid "<option>-U</option>,<option>--users</option>"
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr "<option>-U</option>,<option>--users</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+"すべてのユーザーレコードを無効にします。このオプションも設定されていると、こ"
+"れが特定のユーザーの無効化を上書きします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
@@ -7313,7 +7874,7 @@ msgstr ""
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:113
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr "無効化プロセスを特定のドメインのみに制限します。"
@@ -7609,7 +8170,7 @@ msgstr ""
"るための適切なサービスを自動的に検索できます。"
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr "設定"
@@ -7735,6 +8296,253 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+#, fuzzy
+#| msgid "Configuration"
+msgid "Advanced Configuration"
+msgstr "設定"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_min (integer)"
+msgstr "ldap_page_size (整数)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 10001"
+msgstr "初期値: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_max (integer)"
+msgstr "ldap_page_size (整数)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 2000100000"
+msgstr "初期値: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_size (integer)"
+msgstr "ldap_page_size (整数)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 200000"
+msgstr "初期値: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr "ldap_default_bind_dn (文字列)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain (string)"
+msgstr "ldap_default_bind_dn (文字列)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+#, fuzzy
+#| msgid "The type of the authentication token of the default bind DN."
+msgid "Specify the name of the default domain."
+msgstr "初期バインド DN の認証トークンの形式です。"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+#, fuzzy
+#| msgid "ldap_id_use_start_tls (boolean)"
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr "ldap_id_use_start_tls (論理値)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -7876,3 +8684,33 @@ msgid ""
msgstr ""
"<emphasis> これは実験的な機能です、何らかの問題を報告するには http://"
"fedorahosted.org/sssd を使用してください。 </emphasis>"
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr "ローカルドメイン"
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
+
+#~ msgid "Default: 7"
+#~ msgstr "初期値: 7"
+
+#~ msgid "<quote>permit</quote> always allow access."
+#~ msgstr "<quote>permit</quote> は常にアクセスを許可します。"
diff --git a/src/man/po/nl.po b/src/man/po/nl.po
index 914f8c4d8..21a1b1994 100644
--- a/src/man/po/nl.po
+++ b/src/man/po/nl.po
@@ -8,8 +8,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-08 11:52+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Dutch (http://www.transifex.net/projects/p/fedora/language/"
"nl/)\n"
@@ -128,18 +128,18 @@ msgstr ""
"replaceable> parameter."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "ZIE OOK"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -264,7 +264,7 @@ msgid "The [sssd] section"
msgstr "De [sssd] sectie"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr "Sectie parameters"
@@ -297,16 +297,18 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -315,17 +317,17 @@ msgstr ""
"Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "Standaard: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr "domeinen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -338,12 +340,12 @@ msgstr ""
"lijst van domeinen in de volgorde die SSSD ze moet aflopen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr "re_expression (tekst)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
@@ -352,7 +354,7 @@ msgstr ""
"domeinnaam verwerkt moeten worden."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -363,7 +365,7 @@ msgstr ""
"het domein alles daarna\""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -371,7 +373,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -380,12 +382,12 @@ msgstr ""
"(?P&lt;name&gt;) om subpatronen aan te geven."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr "full_name_format (tekst)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -396,17 +398,17 @@ msgstr ""
"(met name, domain) vertaald wordt in een full qualified name."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Standaard: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr "try_inotify (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -419,7 +421,7 @@ msgstr ""
"kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -430,7 +432,7 @@ msgstr ""
"gezet worden"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -439,7 +441,7 @@ msgstr ""
"systemen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -449,12 +451,12 @@ msgstr ""
"conf."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -463,19 +465,42 @@ msgstr ""
"opslaan."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+#, fuzzy
+#| msgid "enum_cache_timeout (integer)"
+msgid "force_timeout (integer)"
+msgstr "enum_cache_timeout (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -488,12 +513,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr "SERVICES SECTIE"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -502,100 +527,100 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr "Algemene service configuratie-opties"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr "Deze opties kunnen gebruikt worden om services te configureren."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr "debug_level (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr "Voeg een tijdstempel toe aan de debugberichten"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr "Standaard: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "fd_limit"
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:278
msgid ""
-"This option specifies the maximum number of file descriptors that may be "
-"opened at one time by this SSSD process. On systems where SSSD is granted "
-"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
-"systems without this capability, the resulting value will be the lower value "
-"of this or the limits.conf \"hard\" limit."
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
-msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
-msgstr "command (tekst)"
+#: sssd.conf.5.xml:301
+msgid "fd_limit"
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
+#: sssd.conf.5.xml:304
msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr "Standaard: <command>sssd_${service_name}</command>"
+#: sssd.conf.5.xml:313
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr "NSS configuratie-opties"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -603,12 +628,12 @@ msgstr ""
"configurere."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -617,17 +642,17 @@ msgstr ""
"over alle gebruikers)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr "Standaard: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -635,7 +660,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -645,7 +670,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -654,17 +679,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -672,17 +697,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -691,78 +716,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -770,138 +795,196 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+#, fuzzy
+#| msgid "full_name_format (string)"
+msgid "fallback_homedir (string)"
+msgstr "full_name_format (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+msgid "default_shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+#, fuzzy
+#| msgid "entry_negative_timeout (integer)"
+msgid "get_domains_timeout (int)"
+msgstr "entry_negative_timeout (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -909,59 +992,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -969,7 +1052,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -978,45 +1061,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Standaard: 0"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -1024,7 +1121,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -1033,71 +1130,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "NSS configuration options"
+msgid "SSH configuration options"
+msgstr "NSS configuratie-opties"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure the SSH service."
+msgstr "Deze opties kunnen gebruikt worden om services te configureren."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1106,56 +1229,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1165,14 +1271,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1181,98 +1287,98 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1281,47 +1387,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+msgid "pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1330,19 +1462,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1350,7 +1482,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1358,30 +1490,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1389,17 +1521,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1408,24 +1542,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1433,7 +1567,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1441,7 +1575,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1449,35 +1583,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1485,29 +1619,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1515,66 +1649,153 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+msgid "subdomains_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1582,51 +1803,83 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+msgid "subdomain_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1634,29 +1887,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1664,19 +1917,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1684,73 +1937,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1758,17 +2011,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1777,17 +2030,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1795,17 +2048,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1813,18 +2066,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1854,7 +2107,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1863,7 +2116,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2062,216 +2315,236 @@ msgstr ""
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "ldap_user_objectsid (string)"
+msgstr "re_expression (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2280,17 +2553,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2299,17 +2572,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2318,17 +2591,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2337,17 +2610,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2356,17 +2629,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2375,17 +2648,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2393,158 +2666,158 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2553,29 +2826,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2583,54 +2856,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2638,24 +2911,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -2663,89 +2936,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+msgid "ldap_group_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -2753,198 +3038,198 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2952,7 +3237,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2960,35 +3245,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2999,12 +3279,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3012,12 +3292,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3026,34 +3306,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3061,27 +3341,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3089,13 +3392,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3104,7 +3407,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3112,26 +3415,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3139,7 +3442,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3147,7 +3450,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3155,41 +3458,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3198,38 +3501,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3237,90 +3541,103 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
+#: sssd-ldap.5.xml:1318
+msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1321
msgid ""
-"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
-"supported."
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1337
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1340
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
+"supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3328,27 +3645,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3360,7 +3677,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3368,7 +3685,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3376,53 +3693,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3430,7 +3747,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3438,76 +3755,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3516,14 +3842,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3532,24 +3858,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3557,19 +3883,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3578,7 +3904,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3586,7 +3912,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3595,89 +3921,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3694,212 +4020,212 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -3908,76 +4234,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -3986,62 +4312,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -4049,55 +4375,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4105,7 +4431,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4113,7 +4439,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4126,19 +4452,19 @@ msgid ""
" enumerate = true\n"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4147,7 +4473,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -4669,40 +4995,55 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+msgid "ipa_subdomains_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -4710,12 +5051,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4723,17 +5064,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4742,313 +5083,313 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -5056,7 +5397,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -5066,7 +5407,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5143,11 +5484,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Standaard: 0"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5528,7 +5864,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6002,7 +6338,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6087,7 +6423,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6126,7 +6462,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6179,7 +6515,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6268,7 +6604,7 @@ msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6378,13 +6714,85 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
+#, fuzzy
+#| msgid ""
+#| "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
+"<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+#, fuzzy
+#| msgid ""
+#| "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr ""
+"<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+#, fuzzy
+#| msgid ""
+#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+#, fuzzy
+#| msgid ""
+#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -6609,7 +7017,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr ""
@@ -6725,6 +7133,237 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+msgid "Advanced Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+msgid "ldap_idmap_range_min (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 120"
+msgid "Default: 10001"
+msgstr "Standaard: 120"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+msgid "ldap_idmap_range_max (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 120"
+msgid "Default: 2000100000"
+msgstr "Standaard: 120"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+msgid "ldap_idmap_range_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 120"
+msgid "Default: 200000"
+msgstr "Standaard: 120"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+msgid "ldap_idmap_default_domain (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -6844,3 +7483,27 @@ msgid ""
"<emphasis> This is an experimental feature, please use http://fedorahosted."
"org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
diff --git a/src/man/po/pt.po b/src/man/po/pt.po
index b7fc6895a..be27d826e 100644
--- a/src/man/po/pt.po
+++ b/src/man/po/pt.po
@@ -8,8 +8,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-08 11:52+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Portuguese <trans-pt@lists.fedoraproject.org>\n"
"Language: pt\n"
@@ -127,18 +127,18 @@ msgstr ""
"<replaceable>GROUPS</replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "VER TAMBÉM"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -258,7 +258,7 @@ msgid "The [sssd] section"
msgstr "A seção [SSSD]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr "Parâmetros de secção"
@@ -292,16 +292,18 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -310,17 +312,17 @@ msgstr ""
"falha do provedor de dados ou reiniciar antes de eles desistirem"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "Padrão: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr "domínios"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -333,19 +335,19 @@ msgstr ""
"domínios na ordem desejada."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr "re_expression (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -353,7 +355,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -361,19 +363,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr "full_name_format (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -381,17 +383,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Default: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr "try_inotify (boolean)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -400,7 +402,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -408,45 +410,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "force_timeout (integer)"
+msgstr "timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr "Padrão: 60"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -459,12 +484,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -473,128 +498,128 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr "Padrão: false"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "fd_limit"
-msgstr ""
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
+msgstr "timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:278
msgid ""
-"This option specifies the maximum number of file descriptors that may be "
-"opened at one time by this SSSD process. On systems where SSSD is granted "
-"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
-"systems without this capability, the resulting value will be the lower value "
-"of this or the limits.conf \"hard\" limit."
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
-msgid "Default: 8192 (or limits.conf \"hard\" limit)"
-msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
+msgstr "Padrão: 10"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
+#: sssd.conf.5.xml:301
+msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
+#: sssd.conf.5.xml:304
msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
+#: sssd.conf.5.xml:313
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -602,7 +627,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -612,7 +637,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -621,17 +646,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr "Padrão: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -639,17 +664,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -658,78 +683,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr "override_homedir (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr "%u"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr "nome de login"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr "Número UID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr "nome de domínio"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr "%f"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr "nome totalmente qualificado do utilizador (utilizador@domínio)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr "%%"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr "um literal '%'"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -737,138 +762,198 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+#, fuzzy
+#| msgid "mail_dir (string)"
+msgid "fallback_homedir (string)"
+msgstr "mail_dir (string)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr "allowed_shells (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr "shell_fallback (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr "Padrão: /bin/sh"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+#, fuzzy
+#| msgid "default_shell (string)"
+msgid "default_shell"
+msgstr "default_shell (string)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+#, fuzzy
+#| msgid "entry_cache_timeout (integer)"
+msgid "get_domains_timeout (int)"
+msgstr "entry_cache_timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -876,59 +961,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr "Padrão: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -936,7 +1021,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -945,45 +1030,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (integer)"
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -991,7 +1090,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -1000,71 +1099,95 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "Configuration"
+msgid "SSH configuration options"
+msgstr "Configuração"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+msgid "These options can be used to configure the SSH service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr "SECÇÕES DE DOMÍNIO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1073,56 +1196,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr "timeout (integer)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr "Padrão: 10"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr "enumerate (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr "Padrão: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1132,14 +1238,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1148,98 +1254,98 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr "Padrão: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr "cache_credentials (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1248,47 +1354,77 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr "Padrão: 0 (ilimitado)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+#, fuzzy
+#| msgid "pam_pwd_expiration_warning (integer)"
+msgid "pwd_expiration_warning (integer)"
+msgstr "pam_pwd_expiration_warning (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+#, fuzzy
+#| msgid "Default: memberHost"
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr "Padrão: memberHost"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr "id_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr "Backends suportados:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1297,19 +1433,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr "auth_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1317,7 +1453,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1325,30 +1461,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr "access_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1356,17 +1492,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1375,24 +1513,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1400,7 +1538,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1408,7 +1546,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1416,35 +1554,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1452,29 +1590,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1482,66 +1620,155 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+#, fuzzy
+#| msgid "id_provider (string)"
+msgid "subdomains_provider (string)"
+msgstr "id_provider (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr "Padrão: none"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr "Default: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1549,51 +1776,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr "override_gid (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr "Padrão: TRUE"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+#, fuzzy
+#| msgid "override_homedir (string)"
+msgid "subdomain_homedir (string)"
+msgstr "override_homedir (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1601,29 +1862,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1631,19 +1892,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr "A secção de domínio local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1651,73 +1912,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr "default_shell (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Padrão: <filename>bash/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr "base_directory (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr "Padrão: <filename>/ home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr "create_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr "Padrão: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr "remove_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr "homedir_umask (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1725,17 +1986,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr "Padrão: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr "skel_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1744,17 +2005,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Padrão: <filename>skel/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr "mail_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1762,17 +2023,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr "Padrão: <filename>mail/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1780,18 +2041,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr "Padrão: None, nenhum comando é executado"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "EXEMPLO"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1845,7 +2106,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1854,7 +2115,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2071,216 +2332,236 @@ msgstr ""
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr "Padrão: homeDirectory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr "ldap_user_shell (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr "Padrão: diret"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr "ldap_user_uuid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr "Padrão: nsUniqueId"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+#, fuzzy
+#| msgid "ldap_user_uuid (string)"
+msgid "ldap_user_objectsid (string)"
+msgstr "ldap_user_uuid (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr "Padrão: modifyTimestamp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr "ldap_user_shadow_last_change (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2289,17 +2570,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr "Padrão: shadowLastChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr "ldap_user_shadow_min (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2308,17 +2589,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr "Padrão: shadowMin"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr "ldap_user_shadow_max (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2327,17 +2608,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr "Padrão: shadowMax"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr "ldap_user_shadow_warning (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2346,17 +2627,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr "Padrão: shadowWarning"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr "ldap_user_shadow_inactive (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2365,17 +2646,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr "Padrão: shadowInactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr "ldap_user_shadow_expire (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2384,17 +2665,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr "Padrão: shadowExpire"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr "ldap_user_krb_last_pwd_change (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2402,158 +2683,158 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr "Padrão: krbLastPwdChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr "ldap_user_krb_password_expiration (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr "Padrão: krbPasswordExpiration"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr "ldap_user_principal (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr "Padrão: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2562,29 +2843,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr "Padrão: 300"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2592,54 +2873,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr "Padrão: 10800 (12 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr "Padrão: NC"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2647,24 +2928,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -2672,89 +2953,103 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr "Padrão: host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+#, fuzzy
+#| msgid "ldap_netgroup_uuid (string)"
+msgid "ldap_group_objectsid (string)"
+msgstr "ldap_netgroup_uuid (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -2762,198 +3057,198 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr "Padrão: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2961,7 +3256,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2969,35 +3264,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr "Padrão: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr "Padrão: 60"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3008,12 +3298,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3021,12 +3311,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3035,34 +3325,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr "Padrão: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3070,27 +3360,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3098,13 +3411,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3113,7 +3426,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3121,19 +3434,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -3142,7 +3455,7 @@ msgstr ""
"qualquer certificado de servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3150,7 +3463,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3158,7 +3471,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3166,41 +3479,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr "Padrão: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3209,38 +3522,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3248,91 +3562,106 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1318
+#, fuzzy
+#| msgid "ldap_id_use_start_tls (boolean)"
+msgid "ldap_id_mapping (boolean)"
+msgstr "ldap_id_use_start_tls (boolean)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1321
+msgid ""
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1337
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1340
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr "Padrão: none"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr "Padrão: host/machine.fqdn@REALM"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr "Padrão: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3340,27 +3669,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr "Padrão: 86400 (24 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr "krb5_server (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3372,7 +3701,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3380,7 +3709,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3388,53 +3717,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3442,7 +3771,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3450,76 +3779,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3528,14 +3866,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3544,24 +3882,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3569,19 +3907,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3590,7 +3928,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3598,7 +3936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3607,89 +3945,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr "Padrão: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr "ldap_deref (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3706,212 +4044,212 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -3920,76 +4258,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -3998,62 +4336,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr "OPÇÕES AVANÇADAS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr "ldap_user_search_filter (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -4061,55 +4399,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr "ldap_group_search_filter (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4117,7 +4455,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4125,7 +4463,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4146,19 +4484,19 @@ msgstr ""
" cache_credentials = true\n"
" enumerate = true\n"
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr "NOTAS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4167,7 +4505,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -4705,40 +5043,57 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "ipa_subdomains_search_base (string)"
+msgstr "ipa_hbac_search_base (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -4746,12 +5101,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4759,17 +5114,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4778,313 +5133,313 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr "Padrão: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr "Padrão: memberUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr "ipa_netgroup_member_host (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr "Padrão: memberHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr "ipa_netgroup_member_ext_host (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr "Padrão: externalHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr "ipa_netgroup_domain (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr "Padrão: nisDomainName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr "ipa_host_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr "Padrão: ipaHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr "ipa_host_fqdn (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr "Padrão: fqdn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -5092,7 +5447,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -5106,7 +5461,7 @@ msgstr ""
" ipa_hostname = myhost.example.com\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5193,11 +5548,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5595,7 +5945,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6069,7 +6419,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6154,7 +6504,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6196,7 +6546,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6261,7 +6611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6362,7 +6712,7 @@ msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6481,13 +6831,76 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
+#, fuzzy
+#| msgid ""
+#| "<option>-f</option>,<option>--file</option> <replaceable>FILE</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
+"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+#, fuzzy
+#| msgid "<option>-R</option>,<option>--recursive</option>"
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr "<option>-R</option>,<option>--recursive</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+#, fuzzy
+#| msgid "<option>-D</option>,<option>--daemon</option>"
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr "<option>-D</option>,<option>--daemon</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -6712,7 +7125,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr "Configuração"
@@ -6828,6 +7241,251 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+#, fuzzy
+#| msgid "Configuration"
+msgid "Advanced Configuration"
+msgstr "Configuração"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_min (integer)"
+msgstr "ldap_page_size (integer)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 10001"
+msgstr "Padrão: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_max (integer)"
+msgstr "ldap_page_size (integer)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 2000100000"
+msgstr "Padrão: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_size (integer)"
+msgstr "ldap_page_size (integer)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 200000"
+msgstr "Padrão: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+#, fuzzy
+#| msgid "ldap_sasl_authid (string)"
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr "ldap_sasl_authid (string)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+#, fuzzy
+#| msgid "ipa_domain (string)"
+msgid "ldap_idmap_default_domain (string)"
+msgstr "ipa_domain (string)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+#, fuzzy
+#| msgid "ldap_id_use_start_tls (boolean)"
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr "ldap_id_use_start_tls (boolean)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -6947,3 +7605,27 @@ msgid ""
"<emphasis> This is an experimental feature, please use http://fedorahosted."
"org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
diff --git a/src/man/po/ru.po b/src/man/po/ru.po
index 346ca6e68..b0bb45e23 100644
--- a/src/man/po/ru.po
+++ b/src/man/po/ru.po
@@ -8,8 +8,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-08 11:52+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Russian <trans-ru@lists.fedoraproject.org>\n"
"Language: ru\n"
@@ -114,18 +114,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "СМ. ТАКЖЕ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -224,7 +224,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr ""
@@ -254,33 +254,35 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr "попыток_соединения (целое число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "По умолчанию: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr "домены"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -289,19 +291,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -309,7 +311,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -317,19 +319,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -337,17 +339,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "По умолчанию: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -356,7 +358,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -364,45 +366,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+#, fuzzy
+#| msgid "reconnection_retries (integer)"
+msgid "force_timeout (integer)"
+msgstr "попыток_соединения (целое число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -415,12 +440,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -429,128 +454,128 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr "По умолчанию: false"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "fd_limit"
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:278
msgid ""
-"This option specifies the maximum number of file descriptors that may be "
-"opened at one time by this SSSD process. On systems where SSSD is granted "
-"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
-"systems without this capability, the resulting value will be the lower value "
-"of this or the limits.conf \"hard\" limit."
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
-msgid "Default: 8192 (or limits.conf \"hard\" limit)"
-msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
+msgstr "По умолчанию: 10"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
+#: sssd.conf.5.xml:301
+msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
+#: sssd.conf.5.xml:304
msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
+#: sssd.conf.5.xml:313
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr "По умолчанию: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -558,7 +583,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -568,7 +593,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -577,17 +602,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -595,17 +620,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr "По умолчанию: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -614,78 +639,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr "По умолчанию: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -693,138 +718,194 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+msgid "fallback_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+#, fuzzy
+#| msgid "Default: loginShell"
+msgid "default_shell"
+msgstr "По умолчанию: loginShell"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+msgid "get_domains_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr "По умолчанию: 0 (неограничено)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -832,59 +913,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr "По умолчанию: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr "В настоящее время sssd поддерживает следующие значения:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr "По умолчанию: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -892,7 +973,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -901,45 +982,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -947,7 +1042,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -956,71 +1051,95 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "the configuration file for SSSD"
+msgid "SSH configuration options"
+msgstr "Файл конфигурации SSSD"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+msgid "These options can be used to configure the SSH service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1029,56 +1148,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr "По умолчанию: 10"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr "По умолчанию: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1088,14 +1190,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1104,98 +1206,98 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1204,47 +1306,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+msgid "pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1253,19 +1381,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1273,7 +1401,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1281,30 +1409,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1312,17 +1440,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1331,24 +1461,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1356,7 +1486,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1364,7 +1494,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1372,35 +1502,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1408,29 +1538,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1438,66 +1568,153 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+msgid "subdomains_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr "Поддерживаемые значения:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1505,51 +1722,83 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr "По умолчанию: использовать доменное имя из hostname"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+msgid "subdomain_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1557,29 +1806,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1587,19 +1836,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1607,73 +1856,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr "По умолчанию: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr "По умолчанию: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1681,17 +1930,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr "По умолчанию: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1700,17 +1949,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr "По умолчанию: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1718,17 +1967,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr "По умолчанию: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1736,18 +1985,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "ПРИМЕР"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1777,7 +2026,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1786,7 +2035,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1985,216 +2234,234 @@ msgstr ""
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr "По умолчанию: rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr "пароль"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr "По умолчанию: posixAccount"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr "По умолчанию: gecos"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr "По умолчанию: homeDirectory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr "По умолчанию: loginShell"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+msgid "ldap_user_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr "По умолчанию: modifyTimestamp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2203,17 +2470,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2222,17 +2489,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2241,17 +2508,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2260,17 +2527,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr "По умолчанию: shadowWarning"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2279,17 +2546,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr "По умолчанию: shadowInactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2298,17 +2565,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr "По умолчанию: shadowExpire"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2316,158 +2583,158 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2476,29 +2743,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2506,54 +2773,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2561,24 +2828,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -2586,89 +2853,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+msgid "ldap_group_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -2676,198 +2955,198 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2875,7 +3154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2883,35 +3162,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2922,12 +3196,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2935,12 +3209,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -2949,34 +3223,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -2984,27 +3258,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3012,13 +3309,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3027,7 +3324,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3035,26 +3332,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3062,7 +3359,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3070,7 +3367,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3078,41 +3375,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3121,38 +3418,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3160,90 +3458,103 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
+#: sssd-ldap.5.xml:1318
+msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1321
msgid ""
-"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
-"supported."
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1337
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1340
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
+"supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3251,27 +3562,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3283,7 +3594,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3291,7 +3602,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3299,53 +3610,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3353,7 +3664,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3361,76 +3672,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3439,14 +3759,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3455,24 +3775,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3480,19 +3800,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3501,7 +3821,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3509,7 +3829,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3518,89 +3838,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3617,212 +3937,212 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -3831,76 +4151,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -3909,62 +4229,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3972,55 +4292,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4028,7 +4348,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4036,7 +4356,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4049,19 +4369,19 @@ msgid ""
" enumerate = true\n"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4070,7 +4390,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -4592,40 +4912,55 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+msgid "ipa_subdomains_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -4633,12 +4968,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4646,17 +4981,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4665,313 +5000,313 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -4979,7 +5314,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -4989,7 +5324,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5066,11 +5401,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5451,7 +5781,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -5925,7 +6255,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6010,7 +6340,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6049,7 +6379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6102,7 +6432,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6191,7 +6521,7 @@ msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6302,12 +6632,60 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -6532,7 +6910,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr ""
@@ -6648,6 +7026,237 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+msgid "Advanced Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+msgid "ldap_idmap_range_min (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 10"
+msgid "Default: 10001"
+msgstr "По умолчанию: 10"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+msgid "ldap_idmap_range_max (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 10"
+msgid "Default: 2000100000"
+msgstr "По умолчанию: 10"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+msgid "ldap_idmap_range_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 120"
+msgid "Default: 200000"
+msgstr "По умолчанию: 120"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+msgid "ldap_idmap_default_domain (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -6767,3 +7376,27 @@ msgid ""
"<emphasis> This is an experimental feature, please use http://fedorahosted."
"org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot
index d2092482f..c478138ed 100644
--- a/src/man/po/sssd-docs.pot
+++ b/src/man/po/sssd-docs.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.8.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -93,12 +93,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096 pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103 sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:95
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177 pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103 sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60 sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60 sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
@@ -200,7 +200,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr ""
@@ -228,33 +228,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
-msgid "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+msgid ""
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
+"condition=\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -263,19 +266,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -283,7 +286,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -291,19 +294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax "
"(?P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> "
"<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes "
@@ -311,17 +314,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -330,7 +333,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -338,45 +341,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at "
"build-time. (__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+msgid "force_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the "
+"<quote>timeout</quote> option), it is first sent the SIGTERM signal that "
+"instructs it to quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690 sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -389,12 +412,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -403,125 +426,123 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328 sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793 sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225 sssd-ipa.5.xml:260
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602 sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368 sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331 sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123 sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "fd_limit"
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:278
msgid ""
-"This option specifies the maximum number of file descriptors that may be "
-"opened at one time by this SSSD process. On systems where SSSD is granted "
-"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
-"systems without this capability, the resulting value will be the lower value "
-"of this or the limits.conf \"hard\" limit."
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
-msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
+#: sssd.conf.5.xml:301
+msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
+#: sssd.conf.5.xml:304
msgid ""
-"By default, the executable representing this service is called "
-"<command>sssd_${service_name}</command>. This directive allows to change "
-"the executable name for the service. In the vast majority of configurations, "
-"the default values should suffice."
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
+#: sssd.conf.5.xml:313
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) "
"service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -529,7 +550,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -539,7 +560,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -548,17 +569,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -566,17 +587,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set "
@@ -585,77 +606,77 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid "If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -663,138 +684,191 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+msgid "fallback_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid "The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid "Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in "
"<quote>/etc/shells</quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in "
"<quote>/etc/shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the "
"machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+msgid "default_shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during "
+"lookup. This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+msgid "get_domains_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -802,59 +876,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during "
"authentication. The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -862,7 +936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a "
@@ -872,45 +946,60 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be "
+"displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting "
+"<emphasis>pwd_expiration_warning</emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -918,7 +1007,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -927,71 +1016,93 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+msgid "SSH configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+msgid "These options can be used to configure the SSH service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For "
@@ -1000,56 +1111,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1059,14 +1153,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1075,97 +1169,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919 sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1174,47 +1268,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+msgid "pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified "
"names. For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1223,19 +1343,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1243,7 +1363,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1251,29 +1371,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid "<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1281,17 +1401,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
@@ -1300,24 +1422,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1326,7 +1448,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
@@ -1335,7 +1457,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1343,34 +1465,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid "<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1378,29 +1500,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1409,66 +1531,154 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+msgid "subdomains_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
+"IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid "The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
+"IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1476,51 +1686,82 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+msgid "subdomain_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid "The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called "
@@ -1529,29 +1770,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1559,19 +1800,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1579,73 +1820,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1653,17 +1894,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1672,17 +1913,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1690,17 +1931,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1708,17 +1949,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126 sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1748,7 +1989,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1757,7 +1998,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> "
@@ -1960,216 +2201,234 @@ msgstr ""
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+msgid "ldap_user_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
@@ -2178,17 +2437,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
@@ -2197,17 +2456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
@@ -2216,17 +2475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
@@ -2235,17 +2494,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
@@ -2254,17 +2513,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2274,17 +2533,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2292,158 +2551,158 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2452,29 +2711,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2482,52 +2741,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861 sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960 sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2535,24 +2794,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -2560,89 +2819,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+msgid "ldap_group_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups "
"(e.g. RFC2307bis), then this option controls how many levels of nesting SSSD "
@@ -2650,191 +2921,191 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid "The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid "The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016 sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120 sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021 sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125 sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2842,7 +3113,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2850,35 +3121,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> "
@@ -2889,12 +3155,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2902,12 +3168,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -2916,34 +3182,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single "
"request. Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -2951,7 +3217,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use "
@@ -2959,20 +3225,43 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2980,12 +3269,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid "You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2994,7 +3283,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3002,26 +3291,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3029,7 +3318,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3037,7 +3326,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3045,41 +3334,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in "
"<filename>/etc/openldap/ldap.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3088,37 +3377,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344 sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359 include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3126,90 +3415,103 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem "
"class=\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
+#: sssd-ldap.5.xml:1318
+msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1321
msgid ""
-"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
-"supported."
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1337
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1340
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
+"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3217,27 +3519,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of "
@@ -3249,7 +3551,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3257,7 +3559,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of "
"SSSD. While the legacy name is recognized for the time being, users are "
@@ -3266,53 +3568,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client "
"side. The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use "
"<citerefentry><refentrytitle>shadow</refentrytitle> "
@@ -3321,7 +3623,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3329,76 +3631,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3407,14 +3718,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3423,24 +3734,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3448,19 +3759,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3469,7 +3780,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, "
"<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check "
@@ -3477,7 +3788,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3486,89 +3797,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3585,211 +3896,211 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid "How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -3798,76 +4109,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder "
"type=\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" "
@@ -3876,61 +4187,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid "An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = "
@@ -3939,53 +4250,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid "An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid "An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3993,7 +4304,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4001,7 +4312,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4014,18 +4325,18 @@ msgid ""
" enumerate = true\n"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552 sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571 sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4034,7 +4345,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
@@ -4569,40 +4880,55 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+msgid "ipa_subdomains_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -4610,12 +4936,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -4623,17 +4949,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4642,312 +4968,312 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid "The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and "
"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
@@ -4955,7 +5281,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -4965,7 +5291,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
@@ -5043,11 +5369,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5430,7 +5751,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
@@ -5909,7 +6230,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
@@ -5998,7 +6319,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
@@ -6041,7 +6362,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
@@ -6098,7 +6419,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
@@ -6191,7 +6512,7 @@ msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
@@ -6306,12 +6627,60 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
msgid ""
+"<option>-s</option>,<option>--service</option> "
+"<replaceable>service</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> "
+"<replaceable>autofs-map</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid ""
"<option>-d</option>,<option>--domain</option> "
"<replaceable>domain</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:113
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -6545,7 +6914,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr ""
@@ -6660,6 +7029,232 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between "
+"automatically-assigned and manually-assigned values. If you need to use "
+"manually-assigned values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that "
+"domain. In order to make this slice-assignment repeatable on different "
+"client machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+msgid "Advanced Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+msgid "ldap_idmap_range_min (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have "
+"<quote>id_min</quote> be less-than or equal to "
+"<quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+msgid "Default: 10001"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+msgid "ldap_idmap_range_max (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have "
+"<quote>id_max</quote> be greater-than or equal to "
+"<quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+msgid "Default: 2000100000"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+msgid "ldap_idmap_range_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+msgid "Default: 200000"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+msgid "ldap_idmap_default_domain (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -6778,3 +7373,28 @@ msgid ""
"<emphasis> This is an experimental feature, please use "
"http://fedorahosted.org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with "
+"<quote>id_provider=local</quote> must be created and the SSSD must be "
+"running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
diff --git a/src/man/po/tg.po b/src/man/po/tg.po
index 7c0b0db94..d2c41ac2c 100644
--- a/src/man/po/tg.po
+++ b/src/man/po/tg.po
@@ -7,8 +7,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-08 11:52+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Tajik (http://www.transifex.net/projects/p/fedora/language/"
"tg/)\n"
@@ -113,18 +113,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -223,7 +223,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr ""
@@ -253,33 +253,35 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "Пешфарз: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -288,19 +290,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -308,7 +310,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -316,19 +318,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -336,17 +338,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -355,7 +357,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -363,45 +365,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+msgid "force_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -414,12 +437,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -428,128 +451,128 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr "Пешфарз: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr "Пешфарз: false"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "fd_limit"
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:278
msgid ""
-"This option specifies the maximum number of file descriptors that may be "
-"opened at one time by this SSSD process. On systems where SSSD is granted "
-"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
-"systems without this capability, the resulting value will be the lower value "
-"of this or the limits.conf \"hard\" limit."
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
-msgid "Default: 8192 (or limits.conf \"hard\" limit)"
-msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
+msgstr "Пешфарз: 10"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
+#: sssd.conf.5.xml:301
+msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
+#: sssd.conf.5.xml:304
msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
+#: sssd.conf.5.xml:313
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr "Пешфарз: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -557,7 +580,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -567,7 +590,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -576,17 +599,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr "Пешфарз: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -594,17 +617,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr "Пешфарз: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -613,78 +636,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr "Пешфарз: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr "Номи логин"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr "Рақами UID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -692,138 +715,192 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+msgid "fallback_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr "Пешфарз: /bin/sh"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+msgid "default_shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+msgid "get_domains_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr "Пешфарз: 0 (Номаҳдуд)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -831,59 +908,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr "Пешфарз: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr "Пешфарз: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -891,7 +968,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -900,45 +977,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
-msgstr "Пешфарз: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Пешфарз: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -946,7 +1037,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -955,71 +1046,95 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "Configuration"
+msgid "SSH configuration options"
+msgstr "Ҷӯрсозӣ"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+msgid "These options can be used to configure the SSH service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1028,56 +1143,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr "Пешфарз: 10"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr "Пешфарз: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1087,14 +1185,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1103,98 +1201,98 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr "Пешфарз: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1203,47 +1301,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr "Пешфарз: 0 (номаҳдуд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+msgid "pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1252,19 +1376,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1272,7 +1396,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1280,30 +1404,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1311,17 +1435,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1330,24 +1456,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1355,7 +1481,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1363,7 +1489,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1371,35 +1497,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1407,29 +1533,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1437,66 +1563,153 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+msgid "subdomains_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1504,51 +1717,83 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+msgid "subdomain_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1556,29 +1801,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1586,19 +1831,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1606,73 +1851,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr "Пешфарз: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1680,17 +1925,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1699,17 +1944,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1717,17 +1962,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1735,18 +1980,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "НАМУНА"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1776,7 +2021,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1785,7 +2030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1984,216 +2229,234 @@ msgstr ""
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr "Пешфарз: rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr "парол"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr "Пешфарз: парол"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+msgid "ldap_user_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2202,17 +2465,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2221,17 +2484,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2240,17 +2503,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2259,17 +2522,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2278,17 +2541,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2297,17 +2560,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2315,158 +2578,158 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2475,29 +2738,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2505,54 +2768,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2560,24 +2823,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -2585,89 +2848,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+msgid "ldap_group_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -2675,198 +2950,198 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr "Пешфарз: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2874,7 +3149,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2882,35 +3157,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr "Пешфарз: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2921,12 +3191,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2934,12 +3204,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -2948,34 +3218,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -2983,27 +3253,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3011,13 +3304,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3026,7 +3319,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3034,26 +3327,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3061,7 +3354,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3069,7 +3362,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3077,41 +3370,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3120,38 +3413,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3159,90 +3453,103 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
+#: sssd-ldap.5.xml:1318
+msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1321
msgid ""
-"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
-"supported."
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1337
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1340
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
+"supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr "Пешфарз: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3250,27 +3557,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3282,7 +3589,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3290,7 +3597,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3298,53 +3605,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3352,7 +3659,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3360,76 +3667,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr "Намуна:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3438,14 +3754,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3454,24 +3770,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3479,19 +3795,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3500,7 +3816,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3508,7 +3824,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3517,89 +3833,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3616,212 +3932,212 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -3830,76 +4146,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -3908,62 +4224,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3971,55 +4287,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4027,7 +4343,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4035,7 +4351,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4048,19 +4364,19 @@ msgid ""
" enumerate = true\n"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr "ЭЗОҲҲО"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4069,7 +4385,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -4591,40 +4907,55 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+msgid "ipa_subdomains_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -4632,12 +4963,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4645,17 +4976,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4664,313 +4995,313 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -4978,7 +5309,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -4988,7 +5319,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5065,11 +5396,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Пешфарз: 0"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5450,7 +5776,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -5924,7 +6250,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6009,7 +6335,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6048,7 +6374,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6101,7 +6427,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6190,7 +6516,7 @@ msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6301,12 +6627,60 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -6531,7 +6905,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr "Ҷӯрсозӣ"
@@ -6647,6 +7021,239 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+#, fuzzy
+#| msgid "Configuration"
+msgid "Advanced Configuration"
+msgstr "Ҷӯрсозӣ"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+msgid "ldap_idmap_range_min (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 10"
+msgid "Default: 10001"
+msgstr "Пешфарз: 10"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+msgid "ldap_idmap_range_max (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 10"
+msgid "Default: 2000100000"
+msgstr "Пешфарз: 10"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+msgid "ldap_idmap_range_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 120"
+msgid "Default: 200000"
+msgstr "Пешфарз: 120"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+msgid "ldap_idmap_default_domain (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -6766,3 +7373,30 @@ msgid ""
"<emphasis> This is an experimental feature, please use http://fedorahosted."
"org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
+
+#~ msgid "Default: 7"
+#~ msgstr "Пешфарз: 7"
diff --git a/src/man/po/uk.po b/src/man/po/uk.po
index 164047f7e..28b0a82c9 100644
--- a/src/man/po/uk.po
+++ b/src/man/po/uk.po
@@ -9,9 +9,9 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-12 20:08+0000\n"
-"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
+"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <trans-uk@lists.fedoraproject.org>\n"
"Language: uk\n"
"MIME-Version: 1.0\n"
@@ -129,18 +129,18 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "ТАКОЖ ПЕРЕГЛЯНЬТЕ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -266,7 +266,7 @@ msgid "The [sssd] section"
msgstr "Розділ [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr "Параметри розділу"
@@ -300,17 +300,21 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
-"Підтримувані служби: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Підтримувані служби: nss, pam <phrase condition=\"with_sudo\">, sudo</"
+"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
+"condition=\"with_ssh\">, ssh</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -320,17 +324,17 @@ msgstr ""
"визнання подальших спроб безнадійними."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "Типове значення: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr "domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -344,12 +348,12 @@ msgstr ""
"до них запитів щодо даних."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr "re_expression (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
@@ -358,7 +362,7 @@ msgstr ""
"доменом на його частини."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -369,7 +373,7 @@ msgstr ""
"домену — все після цього символу."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -381,7 +385,7 @@ msgstr ""
"платформах з версією libpcre 7."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -391,12 +395,12 @@ msgstr ""
"підшаблонів."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr "full_name_format (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -407,17 +411,17 @@ msgstr ""
"кортежу (назва, домен) у назву належного формату."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Типове значення: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr "try_inotify (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -430,7 +434,7 @@ msgstr ""
"виконуватиметься опитування resolv.conf кожні п’ять секунд."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -440,7 +444,7 @@ msgstr ""
"рідкісних випадках слід встановити для цього параметра значення «false»."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -449,7 +453,7 @@ msgstr ""
"інших платформах."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -459,12 +463,12 @@ msgstr ""
"опитування файла."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -473,7 +477,7 @@ msgstr ""
"Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -483,7 +487,7 @@ msgstr ""
"для кешу відтворення."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -491,6 +495,29 @@ msgstr ""
"Типове значення: визначається дистрибутивом та вказується під час збирання. "
"(__LIBKRB5_DEFAULTS__, якщо не вказано)"
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "force_timeout (integer)"
+msgstr "timeout (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr "Типове значення: 60"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -508,12 +535,12 @@ msgstr ""
"профілів. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr "РОЗДІЛИ СЛУЖБ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -526,62 +553,83 @@ msgstr ""
"у розділі <quote>[nss]</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr "Загальні параметри налаштування служб"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr "debug_level (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr "Додати часову позначку до діагностичних повідомлень."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr "Типове значення: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
"Додати значення мікросекунд до часової позначки у діагностичних повідомленнях"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr "Типове значення: false"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
+msgstr "timeout (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:278
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+"Проміжок у секундах між циклами роботи цієї служби. Використовується для "
+"перевірки працездатності процесу та його змоги відповідати на запити."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
+msgstr "Типове значення: 10"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:301
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:304
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -591,39 +639,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
+#: sssd.conf.5.xml:313
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
-msgstr "command (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-"Типово, виконуваний файл служби називається <command>sssd_${service_name}</"
-"command>. За допомогою цієї інструкції ви можете змінити назву виконуваного "
-"файла служби. Здебільшого потреби у зміні типового значення не виникатиме."
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr "Типове значення: <command>sssd_${назва_служби}</command>"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr "Параметри налаштування NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -631,12 +657,12 @@ msgstr ""
"Switch (NSS або перемикання служби визначення назв)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -645,17 +671,17 @@ msgstr ""
"кеші nss_sss у секундах"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr "Типове значення: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -666,7 +692,7 @@ msgstr ""
"entry_cache_timeout для домену період часу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -681,7 +707,7 @@ msgstr ""
"розблокування після оновлення кешу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -695,17 +721,17 @@ msgstr ""
"можливість."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr "Типове значення: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -716,17 +742,17 @@ msgstr ""
"даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr "Типове значення: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -740,17 +766,17 @@ msgstr ""
"списку користувачами лише з певного домену."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr "Типове значення: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -758,62 +784,62 @@ msgstr ""
"встановіть для цього параметра значення «false»."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr "override_homedir (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr "%u"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr "ім'я користувача"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr "номер UID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr "назва домену"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr "%f"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr "ім’я користувача повністю (користувач@домен)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr "%%"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr "символ відсотків («%»)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -824,18 +850,43 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
"Значення цього параметра можна встановлювати для кожного з доменів окремо."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+#, fuzzy
+#| msgid "mail_dir (string)"
+msgid "fallback_homedir (string)"
+msgstr "mail_dir (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr "allowed_shells (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -843,13 +894,13 @@ msgstr ""
"визначення оболонки є таким:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
"1. Якщо оболонку вказано у <quote>/etc/shells</quote>, її буде використано."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -859,7 +910,7 @@ msgstr ""
"shell_fallback."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -868,12 +919,12 @@ msgstr ""
"<quote>/etc/shells</quote>, буде використано оболонку nologin."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr "Порожній рядок оболонки буде передано без обробки до libc."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -882,29 +933,29 @@ msgstr ""
"тобто у разі встановлення нової оболонки слід перезапустити SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
"Типове значення: не встановлено. Автоматично використовується оболонка "
"користувача."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "Замінити всі записи цих оболонок на shell_fallback"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr "shell_fallback (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -912,17 +963,52 @@ msgstr ""
"системі не встановлено."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr "Типове значення: /bin/sh"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+#, fuzzy
+#| msgid "default_shell (string)"
+msgid "default_shell"
+msgstr "default_shell (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+#, fuzzy
+#| msgid "entry_negative_timeout (integer)"
+msgid "get_domains_timeout (int)"
+msgstr "entry_negative_timeout (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr "Параметри налаштування PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -931,12 +1017,12 @@ msgstr ""
"Authentication Module (PAM або блокового модуля розпізнавання)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -946,17 +1032,17 @@ msgstr ""
"входу до системи)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr "Типове значення: 0 (без обмежень)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -965,12 +1051,12 @@ msgstr ""
"дозволену кількість спроб входу з визначенням помилкового пароля."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -980,7 +1066,7 @@ msgstr ""
"системи."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -992,17 +1078,17 @@ msgstr ""
"увімкнути можливість автономного розпізнавання."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr "Типове значення: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1011,43 +1097,43 @@ msgstr ""
"розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr "У поточній версії sssd передбачено підтримку таких значень:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr "Типове значення: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1058,7 +1144,7 @@ msgstr ""
"що розпізнавання виконується на основі найсвіжіших даних."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1072,18 +1158,18 @@ msgstr ""
"надання даних профілів."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (ціле число)"
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr ""
"Показати попередження за вказану кількість днів перед завершенням дії пароля."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1093,28 +1179,42 @@ msgstr ""
"дії пароля. Якщо ці дані не буде виявлено, sssd не зможе показати "
"попередження."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
-msgstr "Типове значення: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Типове значення: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr "Параметри налаштування SUDO"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr "Цими параметрами можна скористатися для налаштування служби sudo."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr "sudo_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -1125,7 +1225,7 @@ msgstr ""
"використання у sudo найсвіжішого набору правил."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -1139,7 +1239,7 @@ msgstr ""
"відповідей."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
@@ -1148,17 +1248,17 @@ msgstr ""
"зберігання службою sudo паролів у кеші."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr "Типове значення: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr "sudo_timed (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1167,22 +1267,22 @@ msgstr ""
"призначені для визначення часових обмежень для записів sudoers."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr "Параметри налаштування AUTOFS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr "Цими параметрами можна скористатися для налаштування служби autofs."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1192,18 +1292,46 @@ msgstr ""
"негативні результати пошуку у кеші (тобто запити щодо некоректних записів у "
"базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "NSS configuration options"
+msgid "SSH configuration options"
+msgstr "Параметри налаштування NSS"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+#, fuzzy
+#| msgid "These options can be used to configure the sudo service."
+msgid "These options can be used to configure the SSH service."
+msgstr "Цими параметрами можна скористатися для налаштування служби sudo."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+#, fuzzy
+#| msgid "sss_ssh_knownhostsproxy"
+msgid "ssh_hash_known_hosts (bool)"
+msgstr "sss_ssh_knownhostsproxy"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr "РОЗДІЛИ ДОМЕНІВ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (ціле значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1212,7 +1340,7 @@ msgstr ""
"відповідає цим обмеженням, його буде проігноровано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1225,36 +1353,17 @@ msgstr ""
"основної групи і належать діапазону, буде виведено у звичайному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr "timeout (ціле число)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-"Часовий проміжок у секундах для тактів цього домену. Використовується для "
-"забезпечення роботи процесу основного модуля, який має відповідати на запити."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr "Типове значення: 10"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr "enumerate (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1263,22 +1372,22 @@ msgstr ""
"значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = користувачі і групи нумеруються"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = не використовувати нумерацію для цього домену"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr "Типове значення: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1293,7 +1402,7 @@ msgstr ""
"системи виконанням нумерації."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1303,7 +1412,7 @@ msgstr ""
"завершено."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1317,12 +1426,12 @@ msgstr ""
"відповідного використаного засобу обробки ідентифікаторів (id_provider)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1331,17 +1440,17 @@ msgstr ""
"надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr "Типове значення: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -1350,18 +1459,18 @@ msgstr ""
"чинними, перш ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr "Типове значення: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -1370,12 +1479,12 @@ msgstr ""
"ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -1384,12 +1493,12 @@ msgstr ""
"чинними, перш ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -1398,31 +1507,31 @@ msgstr ""
"ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr "cache_credentials (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Визначає, чи слід також кешувати реєстраційні дані користувача у локальному "
"кеші LDB"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Реєстраційні дані користувача зберігаються у форматі хешу SHA512, а не у "
"форматі звичайного тексту"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1435,47 +1544,85 @@ msgstr ""
"offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr "Типове значення: 0 (без обмежень)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+#, fuzzy
+#| msgid "pam_pwd_expiration_warning (integer)"
+msgid "pwd_expiration_warning (integer)"
+msgstr "pam_pwd_expiration_warning (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+#, fuzzy
+#| msgid ""
+#| "Please note that the backend server has to provide information about the "
+#| "expiration time of the password. If this information is missing, sssd "
+#| "cannot display a warning."
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+"Будь ласка, зауважте, що сервер обробки має надати дані щодо часу завершення "
+"дії пароля. Якщо ці дані не буде виявлено, sssd не зможе показати "
+"попередження."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+#, fuzzy
+#| msgid "Default: memberHost"
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr "Типове значення: memberHost"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr "id_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr "Модуль надання даних щодо профілів користувачів для цього домену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr "Підтримувані модулі:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr "proxy: підтримка застарілого модуля надання даних NSS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr "local: вбудований модуль надання локальних даних SSSD"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr "ldap: модуль надання даних LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1488,12 +1635,12 @@ msgstr ""
"не покаже користувача, а <command>getent passwd test@LOCAL</command> покаже."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr "auth_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1502,7 +1649,7 @@ msgstr ""
"служб розпізнавання:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1514,7 +1661,7 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1526,18 +1673,18 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> — вимкнути розпізнавання повністю."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -1546,12 +1693,12 @@ msgstr ""
"спосіб встановлено і можлива обробка запитів щодо розпізнавання."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr "access_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1562,17 +1709,19 @@ msgstr ""
"Вбудованими програмами є:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
-msgstr "<quote>permit</quote> — завжди дозволяти доступ."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> — завжди забороняти доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1585,17 +1734,17 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr "Типове значення: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr "chpass_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -1604,7 +1753,7 @@ msgstr ""
"підтримку таких систем зміни паролів:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1616,7 +1765,7 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1628,7 +1777,7 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1640,18 +1789,18 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -1660,19 +1809,19 @@ msgstr ""
"цього параметра і якщо система здатна обробляти запити щодо паролів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr "sudo_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"Служба SUDO, яку використано для цього домену. Серед підтримуваних служб "
"SUDO:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1684,24 +1833,24 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote> явним чином вимикає SUDO."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"Типове значення: використовується значення <quote>id_provider</quote>, якщо "
"його встановлено."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr "session_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
@@ -1710,7 +1859,7 @@ msgstr ""
"підтримуваних служб сеансів:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1722,14 +1871,14 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
"<quote>none</quote> явним чином забороняє отримання даних щодо параметрів "
"сеансу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
@@ -1738,12 +1887,136 @@ msgstr ""
"спосіб встановлено і можлива обробка запитів щодо завантаження сеансу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+#, fuzzy
+#| msgid "sudo_provider (string)"
+msgid "subdomains_provider (string)"
+msgstr "sudo_provider (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+#, fuzzy
+#| msgid ""
+#| "The provider which should handle loading of session settings. Supported "
+#| "session providers are:"
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+"Служба, яка має обробляти завантаження параметрів сеансу. Серед "
+"підтримуваних служб сеансів:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to load session settings from an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+"<quote>ipa</quote> для завантаження параметрів сеансів з сервера IPA. "
+"Докладніші відомості щодо налаштування IPA викладено у довіднику з "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+#, fuzzy
+#| msgid "<quote>none</quote> disallows fetching session settings explicitly."
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+"<quote>none</quote> явним чином забороняє отримання даних щодо параметрів "
+"сеансу."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr "Типове значення: none"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr "autofs_provider (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+"Служба autofs, яку використано для цього домену. Серед підтримуваних служб "
+"autofs:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+"<quote>ldap</quote> — завантажити карти, що зберігаються у LDAP. Докладніше "
+"про налаштовування LDAP можна дізнатися з довідки до <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+"<quote>ipa</quote> — завантажити карти, що зберігається на сервері IPA. "
+"Докладніші відомості щодо налаштування IPA викладено у довіднику з "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></"
+"manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr "<quote>none</quote> вимикає autofs повністю."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr "hostid_provider (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+"Засіб надання даних, який використовується для отримання даних щодо профілю "
+"вузла. Серед підтримуваних засобів надання hostid:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+"<quote>ipa</quote> — завантажити профіль системи, що зберігається на сервері "
+"IPA. Докладніші відомості щодо налаштування IPA викладено у довіднику з "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></"
+"manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr "<quote>none</quote> вимикає hostid повністю."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -1752,48 +2025,48 @@ msgstr ""
"під час виконання пошуків у DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr "Передбачено підтримку таких значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі "
"спробувати формат IPv6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі "
"спробувати формат IPv4"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr "Типове значення: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1804,12 +2077,12 @@ msgstr ""
"очікування буде перевищено, домен продовжуватиме роботу у автономному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -1818,28 +2091,28 @@ msgstr ""
"частину запиту визначення служб DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Типова поведінка: використовувати назву домену з назви вузла комп’ютера."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr "override_gid (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr "Замірити значення основного GID на вказане."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
@@ -1848,12 +2121,52 @@ msgstr ""
"версії підтримку передбачено лише для локальних надавачів даних."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr "Типове значення: True"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (булеве значення)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+"Під час пошуку запису користувача чи групи за назвою у системі надання даних "
+"переадресації виконується вторинний пошук за ідентифікатором з метою "
+"визначення «канонічної» форми назви, якщо результат знайдено за "
+"альтернативною назвою (псевдонімом). Встановлення для цього параметра "
+"значення «true» призведе до того, що SSSD виконуватиме пошук ідентифікатора "
+"у кеші, щоб пришвидшити надання результатів."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+#, fuzzy
+#| msgid "override_homedir (string)"
+msgid "subdomain_homedir (string)"
+msgstr "override_homedir (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1864,17 +2177,17 @@ msgstr ""
"quote> <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr "Комп’ютер, для якого виконує проксі-сервер PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -1883,12 +2196,12 @@ msgstr ""
"налаштуваннями pam або створити нові і тут додати назву служби."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1899,7 +2212,7 @@ msgstr ""
"наприклад _nss_files_getpwent."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -1908,12 +2221,12 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr "Розділ локального домену"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1924,29 +2237,29 @@ msgstr ""
"використовує <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr "default_shell (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"Типова оболонка для записів користувачів, створених за допомогою "
"інструментів простору користувачів SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Типове значення: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr "base_directory (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -1955,17 +2268,17 @@ msgstr ""
"replaceable> і використовують отриману адресу як адресу домашнього каталогу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr "Типове значення: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr "create_homedir (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -1974,17 +2287,17 @@ msgstr ""
"Може бути перевизначено з командного рядка."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr "Типове значення: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr "remove_homedir (булівське значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -1993,12 +2306,12 @@ msgstr ""
"користувачів. Може бути перевизначено з командного рядка."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr "homedir_umask (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2009,17 +2322,17 @@ msgstr ""
"до щойно створеного домашнього каталогу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr "Типове значення: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr "skel_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2032,17 +2345,17 @@ msgstr ""
"<manvolnum>8</manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Типове значення: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr "mail_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2053,17 +2366,17 @@ msgstr ""
"каталог не вказано, буде використано типове значення."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr "Типове значення: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2074,18 +2387,18 @@ msgstr ""
"вилучається. Код виконання, повернутий програмою не обробляється."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr "Типове значення: None, не виконувати жодних команд"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "ПРИКЛАД"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2139,7 +2452,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2151,7 +2464,7 @@ msgstr ""
"щодо налаштування доменів. <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2410,16 +2723,28 @@ msgstr "ldap_schema (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:161
+#, fuzzy
+#| msgid ""
+#| "Specifies the Schema Type in use on the target LDAP server. Depending on "
+#| "the selected schema, the default attribute names retrieved from the "
+#| "servers may vary. The way that some attributes are handled may also "
+#| "differ. Three schema types are currently supported: rfc2307 rfc2307bis "
+#| "IPA The main difference between these schema types is how group "
+#| "memberships are recorded in the server. With rfc2307, group members are "
+#| "listed by name in the <emphasis>memberUid</emphasis> attribute. With "
+#| "rfc2307bis and IPA, group members are listed by DN and stored in the "
+#| "<emphasis>member</emphasis> attribute."
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
"Визначає тип схеми, який використовується на сервері LDAP призначення. "
"Залежно від вибраної схеми може змінюватися перелік типових назв атрибутів, "
@@ -2432,59 +2757,59 @@ msgstr ""
"сам список зберігатиметься у атрибуті <emphasis>member</emphasis>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr "Типове значення: rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr "ldap_default_bind_dn (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
"Типова назва домену прив’язки, яку слід використовувати для виконання дій "
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr "ldap_default_authtok_type (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr "Тип розпізнавання для типової назви сервера прив’язки."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr "У поточній версії передбачено підтримку двох механізмів:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr "password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr "obfuscated_password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr "Типове значення: password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr "ldap_default_authtok (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
@@ -2493,133 +2818,155 @@ msgstr ""
"передбачено підтримку лише паролів у форматі звичайного тексту."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr "ldap_user_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr "Клас об’єктів запису користувача у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr "Типове значення: posixAccount"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr "ldap_user_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr "Атрибут LDAP, що відповідає назві облікового запису користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr "Типове значення: uid"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr "ldap_user_uid_number (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr "Атрибут LDAP, що відповідає ідентифікатору користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr "Типове значення: uidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr "ldap_user_gid_number (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr "Атрибут LDAP, що відповідає ідентифікатору основної групи користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr "Типове значення: gidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr "ldap_user_gecos (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr "Атрибут LDAP, що відповідає полю gecos користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr "Типове значення: gecos"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr "ldap_user_home_directory (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr "Атрибут LDAP, що містить назву домашнього каталогу користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr "Типове значення: homeDirectory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr "ldap_user_shell (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
"Атрибут LDAP, що містить шлях до типової командної оболонки користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr "Типове значення: loginShell"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr "ldap_user_uuid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта користувача LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr "Типове значення: nsUniqueId"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+#, fuzzy
+#| msgid "ldap_user_object_class (string)"
+msgid "ldap_user_objectsid (string)"
+msgstr "ldap_user_object_class (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта користувача LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -2628,17 +2975,17 @@ msgstr ""
"об’єкта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr "Типове значення: modifyTimestamp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr "ldap_user_shadow_last_change (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2651,17 +2998,17 @@ msgstr ""
"citerefentry> (дати останньої зміни пароля)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr "Типове значення: shadowLastChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr "ldap_user_shadow_min (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2674,17 +3021,17 @@ msgstr ""
"citerefentry> (мінімального віку пароля)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr "Типове значення: shadowMin"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr "ldap_user_shadow_max (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2697,17 +3044,17 @@ msgstr ""
"citerefentry> (максимального віку пароля)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr "Типове значення: shadowMax"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr "ldap_user_shadow_warning (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2720,17 +3067,17 @@ msgstr ""
"citerefentry> (проміжку попередження щодо пароля)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr "Типове значення: shadowWarning"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr "ldap_user_shadow_inactive (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2743,17 +3090,17 @@ msgstr ""
"citerefentry> (тривалості періоду невикористання пароля)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr "Типове значення: shadowInactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr "ldap_user_shadow_expire (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2767,17 +3114,17 @@ msgstr ""
"строку дії пароля)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr "Типове значення: shadowExpire"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr "ldap_user_krb_last_pwd_change (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2788,17 +3135,17 @@ msgstr ""
"у kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr "Типове значення: krbLastPwdChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr "ldap_user_krb_password_expiration (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
@@ -2808,17 +3155,17 @@ msgstr ""
"поточного пароля."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr "Типове значення: krbPasswordExpiration"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr "ldap_user_ad_account_expires (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
@@ -2828,17 +3175,17 @@ msgstr ""
"облікового запису."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr "Типове значення: accountExpires"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr "ldap_user_ad_user_account_control (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
@@ -2848,17 +3195,17 @@ msgstr ""
"облікового запису користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr "Типове значення: userAccountControl"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr "ldap_ns_account_lock (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
@@ -2867,17 +3214,17 @@ msgstr ""
"цей параметр визначає, заборонено чи дозволено доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr "Типове значення: nsAccountLock"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr "ldap_user_nds_login_disabled (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
@@ -2886,17 +3233,17 @@ msgstr ""
"чи заборонено доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr "Типове значення: loginDisabled"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr "ldap_user_nds_login_expiration_time (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
@@ -2905,12 +3252,12 @@ msgstr ""
"якої надано доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr "ldap_user_nds_login_allowed_time_map (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
@@ -2919,17 +3266,17 @@ msgstr ""
"тижня, коли надається доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr "Типове значення: loginAllowedTimeMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr "ldap_user_principal (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
@@ -2937,27 +3284,27 @@ msgstr ""
"Атрибут LDAP, що містить Kerberos User Principal Name (UPN) користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr "Типове значення: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr "ldap_user_ssh_public_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr "Атрибут LDAP, який містить відкриті ключі SSH користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2971,12 +3318,12 @@ msgstr ""
"області у верхньому регістрі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
@@ -2985,17 +3332,17 @@ msgstr ""
"свого кешу нумерованих записів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr "Типове значення: 300"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr "ldap_purge_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3006,55 +3353,55 @@ msgstr ""
"цих записів з метою економії місця."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
"Встановлення нульового значення цього параметра вимкне дію з очищення кешу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr "Типове значення: 10800 (12 годин)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "Атрибут LDAP, що відповідає повному імені користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr "Типове значення: cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr "ldap_user_member_of (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr "Атрибут LDAP зі списком груп, у яких бере участь користувач."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr "Типове значення: memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr "ldap_user_authorized_service (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3065,7 +3412,7 @@ msgstr ""
"LDAP для визначення прав доступу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
@@ -3074,17 +3421,17 @@ msgstr ""
"(svc) і нарешті загальні дозволи або allow_all (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr "Типове значення: authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3095,7 +3442,7 @@ msgstr ""
"доступу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
@@ -3104,82 +3451,99 @@ msgstr ""
"(host) і нарешті загальні дозволи або allow_all (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr "Типове значення: host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr "ldap_group_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr "Клас об’єктів запису групи у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr "Типове значення: posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr "ldap_group_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr "Атрибут LDAP, що відповідає назві групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr "ldap_group_gid_number (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr "Атрибут LDAP, що відповідає ідентифікатору групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr "ldap_group_member (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr "Атрибут LDAP, у якому містяться імена учасників групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr "Типове значення: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr "ldap_group_uuid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта групи LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+#, fuzzy
+#| msgid "ldap_group_object_class (string)"
+msgid "ldap_group_objectsid (string)"
+msgstr "ldap_group_object_class (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта групи LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr "ldap_group_modify_timestamp (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3191,131 +3555,131 @@ msgstr ""
"параметра буде проігноровано, якщо використано схему RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr "Типове значення: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr "Клас об’єктів запису мережевої групи (netgroup) у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_object_class."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr "Типове значення: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "Атрибут LDAP, що відповідає назві мережевої групи (netgroup)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_name."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
"Атрибут LDAP, у якому містяться імена учасників мережевої групи (netgroup)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_member."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr "Типове значення: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
"Атрибут LDAP, що містить трійки мережевої групи (вузол, користувач, домен)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr "Цим параметром не можна скористатися у надавачі даних IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr "Типове значення: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта мережевої групи LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_uuid."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr "Клас об’єктів запису служби у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr "Типове значення: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
@@ -3323,51 +3687,51 @@ msgstr ""
"Атрибут LDAP, що містить назву атрибутів служби та замінників цих атрибутів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "Атрибут LDAP, що містить номер порту, яким керує ця служба."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr "Типове значення: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr "Атрибут LDAP, що містить протоколи, за яким може працювати ця служба."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr "Типове значення: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
"Додатковий основний DN для обмеження пошуків служб певною гілкою ієрархії."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -3376,19 +3740,19 @@ msgstr ""
"налаштування декількох основ пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3399,7 +3763,7 @@ msgstr ""
"автономного режиму роботи)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3410,17 +3774,17 @@ msgstr ""
"окремих типів пошуків."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr "Типове значення: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3430,18 +3794,13 @@ msgstr ""
"користувачів та груп у ldap, перш ніж пошук буде скасовано з поверненням "
"кешованих даних (і переходом до автономного режиму роботи)"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr "Типове значення: 60"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3458,12 +3817,12 @@ msgstr ""
"citerefentry> повертається до стану бездіяльності."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3475,12 +3834,12 @@ msgstr ""
"випадку прив’язки SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (ціле значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3494,17 +3853,17 @@ msgstr ""
"дії TGT)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr "Типове значення: 900 (15 хвилин)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -3514,17 +3873,17 @@ msgstr ""
"один запит."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr "Типове значення: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
+msgstr "ldap_disable_paging (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3535,7 +3894,7 @@ msgstr ""
"RootDSE, але цю підтримку не увімкнено або вона не працює належним чином."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -3545,7 +3904,7 @@ msgstr ""
"підтримкою не можна скористатися."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -3555,13 +3914,41 @@ msgstr ""
"процес контролю сторінок для одного з’єднання. У разі значного навантаження "
"це може призвести до відмови у виконанні запитів."
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr "Типове значення: False"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr "ldap_sasl_minssf (ціле значення)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+"Під час обміну даними з сервером LDAP за допомогою SASL визначає мінімальний "
+"рівень захисту, потрібний для встановлення з’єднання. Значення цього "
+"параметра визначається OpenLDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+"Типове значення: типове для системи значення (зазвичай, визначається у ldap."
+"conf)"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3573,7 +3960,7 @@ msgstr ""
"виконуватиметься окремо."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
@@ -3581,7 +3968,7 @@ msgstr ""
"(розіменуванням), якщо вкажете значення 0."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3594,7 +3981,7 @@ msgstr ""
"OpenLDAP та Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3605,12 +3992,12 @@ msgstr ""
"незалежно від використання цього параметра."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -3620,7 +4007,7 @@ msgstr ""
"таких значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -3629,7 +4016,7 @@ msgstr ""
"жодних сертифікатів сервера."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3641,7 +4028,7 @@ msgstr ""
"режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3652,7 +4039,7 @@ msgstr ""
"надано помилковий сертифікат, негайно перервати сеанс."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3663,22 +4050,22 @@ msgstr ""
"перервати сеанс."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr "Типове значення: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -3687,7 +4074,7 @@ msgstr ""
"розпізнаються <command>sssd</command>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -3696,12 +4083,12 @@ msgstr ""
"у <filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3714,38 +4101,39 @@ msgstr ""
"<command>cacertdir_rehash</command>, якщо ця програма є доступною."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr "Визначає файл, який містить сертифікат для ключа клієнта."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr "Типове значення: not set"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr "Визначає файл, у якому міститься ключ клієнта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3757,12 +4145,12 @@ msgstr ""
"<manvolnum>5</manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -3771,12 +4159,32 @@ msgstr ""
"class=\"protocol\">tls</systemitem> для захисту каналу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1318
+#, fuzzy
+#| msgid "ldap_disable_paging (boolean)"
+msgid "ldap_id_mapping (boolean)"
+msgstr "ldap_disable_paging (булеве значення)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1321
+msgid ""
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1337
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1340
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -3784,18 +4192,13 @@ msgstr ""
"Визначає механізм SASL, який слід використовувати. У поточній версії "
"перевірено і підтримується лише механізм GSSAPI."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr "Типове значення: none"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
@@ -3805,17 +4208,17 @@ msgstr ""
"використовується для розпізнавання під час доступу до каталогу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr "Типове значення: вузол/комп’ютер.fqdn@ОБЛАСТЬ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -3825,34 +4228,34 @@ msgstr ""
"SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr "Типове значення: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3863,27 +4266,27 @@ msgstr ""
"механізм GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Визначає строк дії (у секундах) TGT, якщо використовується GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr "Типове значення: 86400 (24 години)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr "krb5_server (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3902,7 +4305,7 @@ msgstr ""
"про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3914,7 +4317,7 @@ msgstr ""
"вдасться знайти."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3925,29 +4328,29 @@ msgstr ""
"варто перейти на використання «krb5_server» у файлах налаштувань."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -3957,12 +4360,12 @@ msgstr ""
"версії MIT Kerberos >= 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -3971,7 +4374,7 @@ msgstr ""
"використовувати такі значення:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -3980,7 +4383,7 @@ msgstr ""
"разі використання цього варіанта перевірку на боці сервера вимкнено не буде."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3991,7 +4394,7 @@ msgstr ""
"manvolnum></citerefentry> для визначення того, чи чинним є пароль."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4002,18 +4405,18 @@ msgstr ""
"скористайтеся chpass_provider=krb5 для оновлення цих атрибутів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
"Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -4021,29 +4424,43 @@ msgstr ""
"Зауважте, що sssd підтримує визначення напрямків, лише якщо систему зібрано "
"з версією OpenLDAP 2.4.13 або новішою версією."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+"Перехід за спрямуваннями може призвести до значних втрат швидкодії у "
+"середовищах, де такі спрямування використовуються широко. Прикладом такого "
+"середовища може бути Microsoft Active Directory. Якщо у вашому середовищі "
+"спрямування не є обов’язковими, встановлення для цього параметра значення "
+"«false» може значно пришвидшити роботу."
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Визначає назву служби, яку буде використано у разі вмикання визначення служб."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr "Типове значення: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -4052,38 +4469,38 @@ msgstr ""
"уможливлює зміну паролів, у разі вмикання визначення служб."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
"Якщо використовується access_provider = ldap, цей параметр є обов’язковим. "
"Він вказує критерії фільтрування LDAP, яким має задовольняти запис "
"користувача для надання доступу до цього вузла. Якщо визначено "
"access_provider = ldap, а цей параметр не встановлено, доступ буде "
"заборонено всім користувачам. Щоб змінити таку типову поведінку системи, "
-"скористайтеся параметром access_provider = allow"
+"скористайтеся параметром access_provider = permit"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr "Приклад:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4095,7 +4512,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
@@ -4103,7 +4520,7 @@ msgstr ""
"У прикладі доступ до вузла обмежено учасниками групи «allowedusers» у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4117,17 +4534,17 @@ msgstr ""
"таких прав не було надано, у автономному режимі їх також не буде надано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr "Типове значення: порожній рядок"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -4136,7 +4553,7 @@ msgstr ""
"керування доступом на боці клієнта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4147,12 +4564,12 @@ msgstr ""
"з відповідним кодом помилки, навіть якщо вказано правильний пароль."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr "Можна використовувати такі значення:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -4161,7 +4578,7 @@ msgstr ""
"визначити, чи завершено строк дії облікового запису."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4174,7 +4591,7 @@ msgstr ""
"Також буде перевірено, чи не вичерпано строк дії облікового запису."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4185,7 +4602,7 @@ msgstr ""
"ldap_ns_account_lock."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4198,30 +4615,30 @@ msgstr ""
"атрибутів, надати доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Список відокремлених комами параметрів керування доступом. Можливі значення "
"списку:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
"<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -4230,19 +4647,19 @@ msgstr ""
"можливості доступу атрибут authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити "
"права доступу"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr "Типове значення: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -4251,12 +4668,12 @@ msgstr ""
"використано декілька разів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr "ldap_deref (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -4265,13 +4682,13 @@ msgstr ""
"пошуку. Можливі такі варіанти:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
"<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -4281,7 +4698,7 @@ msgstr ""
"пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -4290,7 +4707,7 @@ msgstr ""
"під час визначення місця основного об’єкта пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -4299,7 +4716,7 @@ msgstr ""
"час пошуку, так і під час визначення місця основного об’єкта пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -4323,57 +4740,57 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr "ПАРАМЕТРИ SUDO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr "Клас об’єктів запису правила sudo у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr "Типове значення: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "Атрибут LDAP, що відповідає назві правила sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr "Атрибут LDAP, що відповідає назві команди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr "Типове значення: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -4382,17 +4799,17 @@ msgstr ""
"вузла, мережевій групі вузла)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr "Типове значення: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -4401,32 +4818,32 @@ msgstr ""
"або назві мережевої групи користувача)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr "Типове значення: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "Атрибут LDAP, що відповідає параметрам sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr "Типове значення: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
@@ -4435,17 +4852,17 @@ msgstr ""
"команди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr "Типове значення: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -4454,17 +4871,17 @@ msgstr ""
"виконувати команди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr "Типове значення: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
@@ -4472,49 +4889,49 @@ msgstr ""
"Атрибут LDAP, що відповідає даті і часу набуття чинності правилом sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr "Типове значення: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr "Атрибут LDAP, що відповідає даті і часу втрати чинності правилом sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr "Типове значення: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "Атрибут LDAP, що відповідає порядковому номеру правила."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr "Типове значення: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr "ldap_sudo_refresh_enabled (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
@@ -4523,12 +4940,12 @@ msgstr ""
"з кешу вилучаються."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr "ldap_sudo_refresh_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
@@ -4536,12 +4953,12 @@ msgstr ""
"свого кешу правил sudo."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4554,12 +4971,12 @@ msgstr ""
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr "ПАРАМЕТРИ AUTOFS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
@@ -4568,47 +4985,47 @@ msgstr ""
"визначено у RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr "Клас об’єктів запису карти автоматичного монтування у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr "Типове значення: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr "Назва запису карти автоматичного монтування у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr "Типове значення: ou"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -4617,17 +5034,17 @@ msgstr ""
"точні монтування."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr "Типове значення: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -4640,17 +5057,17 @@ msgstr ""
"\"variablelist\" id=\"4\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr "ДОДАТКОВІ ПАРАМЕТРИ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
@@ -4658,35 +5075,35 @@ msgstr ""
"ієрархії."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
"Додатковий основний DN для обмеження пошуків користувачів певною гілкою "
"ієрархії."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
"Додатковий основний DN для обмеження пошуків групи певною гілкою ієрархії."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr "ldap_user_search_filter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
@@ -4695,7 +5112,7 @@ msgstr ""
"фільтрування LDAP, яким буде обмежено пошук користувачів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
@@ -4704,7 +5121,7 @@ msgstr ""
"використовувати синтаксичні конструкції з ldap_user_search_base."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -4714,7 +5131,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
@@ -4723,12 +5140,12 @@ msgstr ""
"яких встановлено командну оболонку /bin/tcsh."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr "ldap_group_search_filter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
@@ -4737,7 +5154,7 @@ msgstr ""
"фільтрування LDAP, яким буде обмежено пошук груп."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
@@ -4746,12 +5163,12 @@ msgstr ""
"використовувати синтаксичні конструкції з ldap_group_search_base."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
@@ -4759,12 +5176,12 @@ msgstr ""
"ієрархії."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
@@ -4772,7 +5189,7 @@ msgstr ""
"певною гілкою ієрархії."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4783,7 +5200,7 @@ msgstr ""
"відомі наслідки ваших дій. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4794,7 +5211,7 @@ msgstr ""
"</replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4815,19 +5232,19 @@ msgstr ""
" cache_credentials = true\n"
" enumerate = true\n"
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr "ЗАУВАЖЕННЯ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4840,7 +5257,7 @@ msgstr ""
"2.4."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -5531,12 +5948,34 @@ msgstr ""
"користувачів SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "ipa_subdomains_search_base (string)"
+msgstr "ipa_hbac_search_base (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+#, fuzzy
+#| msgid "Optional. Use the given string as search base for host objects."
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+"Необов’язковий. Використати вказаний рядок як основу пошуку об’єктів вузлів."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+#, fuzzy
+#| msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -5544,7 +5983,7 @@ msgstr ""
"Перевірити за допомогою krb5_keytab, чи не було підмінено отриманий TGT."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -5553,7 +5992,7 @@ msgstr ""
"модуля Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -5562,7 +6001,7 @@ msgstr ""
"«ipa_domain»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -5571,7 +6010,7 @@ msgstr ""
"перетворено у основний DN для виконання дій LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5582,12 +6021,12 @@ msgstr ""
"запитів AS. Цю можливість передбачено з версії MIT Kerberos >= 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -5598,17 +6037,17 @@ msgstr ""
"короткого періоду часу надходить багато запитів щодо керування доступом."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr "Типове значення: 5 (секунд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5622,7 +6061,7 @@ msgstr ""
"періоду передбачено два режими обробки таких правил:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -5631,7 +6070,7 @@ msgstr ""
"DENY, всім користувачам доступ буде заборонено."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -5641,17 +6080,17 @@ msgstr ""
"небажаним користувачам."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr "Типове значення: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr "ipa_hbac_support_srchost (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
@@ -5660,7 +6099,7 @@ msgstr ""
"даних PAM, буде проігноровано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
@@ -5670,38 +6109,38 @@ msgstr ""
"буде проігноровано;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr "ipa_automount_location (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
"Адреса автоматичного монтування, яку буде використовувати цей клієнт IPA"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr "Типове значення: адреса з назвою \"default\""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr "ipa_netgroup_member_of (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr "Атрибут LDAP зі списком учасників мережевої групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr "ipa_netgroup_member_user (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
@@ -5710,17 +6149,17 @@ msgstr ""
"учасниками мережевої групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr "Типове значення: memberUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr "ipa_netgroup_member_host (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
@@ -5729,17 +6168,17 @@ msgstr ""
"учасниками мережевої групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr "Типове значення: memberHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr "ipa_netgroup_member_ext_host (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
@@ -5748,78 +6187,78 @@ msgstr ""
"мережевої групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr "Типове значення: externalHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr "ipa_netgroup_domain (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
"Атрибут LDAP, у якому міститься доменна назва NIS мережевої групи (netgroup)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr "Типове значення: nisDomainName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr "ipa_host_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr "Клас об’єктів запису вузла у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr "Типове значення: ipaHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr "ipa_host_fqdn (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr "Атрибут LDAP, що містить FQDN вузла."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr "Типове значення: fqdn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr "ipa_selinux_usermap_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr "ipa_selinux_usermap_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr "Атрибут LDAP, що містить назву карти користувачів SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr "ipa_selinux_usermap_member_user (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
@@ -5827,12 +6266,12 @@ msgstr ""
"правило."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr "ipa_selinux_usermap_member_host (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
@@ -5841,12 +6280,12 @@ msgstr ""
"це правило."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr "ipa_selinux_usermap_see_also (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
@@ -5855,32 +6294,32 @@ msgstr ""
"для встановлення відповідності замість memberUser і memberHost."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr "Типове значення: seeAlso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr "ipa_selinux_usermap_selinux_user (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr "Атрибут LDAP, який містить сам рядок користувача SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr "Типове значення: ipaSELinuxUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr "ipa_selinux_usermap_enabled (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
@@ -5889,72 +6328,72 @@ msgstr ""
"користувачів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr "Типове значення: ipaEnabledFlag"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr "ipa_selinux_usermap_user_category (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr "Атрибут LDAP, що містить категорію користувачів, зокрема 'all'."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr "Типове значення: userCategory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr "ipa_selinux_usermap_host_category (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr "Атрибут LDAP, що містить категорію вузлів, зокрема 'all'."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr "Типове значення: hostCategory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr "ipa_selinux_usermap_uuid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr "Атрибут LDAP, що містить унікальний ідентифікатор карти користувачів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr "Типове значення: ipaUniqueID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr "ipa_host_ssh_public_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr "Атрибут LDAP, який містить відкриті ключі SSH вузла."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr "Типове значення: ipaSshPubKey"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -5966,7 +6405,7 @@ msgstr ""
"ipa."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -5980,7 +6419,7 @@ msgstr ""
" ipa_hostname = myhost.example.com\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -6083,11 +6522,6 @@ msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
"<emphasis>0</emphasis>: вимкнути додавання мікросекунд до часової позначки"
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Типове значення: 0"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -6569,7 +7003,7 @@ msgstr ""
"Якщо не вказано, буде використано типового користувача системи."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -7177,7 +7611,7 @@ msgstr ""
"вибере його автоматично."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -7287,7 +7721,7 @@ msgstr ""
"яких є цей користувач."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -7340,7 +7774,7 @@ msgstr ""
"аргументу <replaceable>ГРУПА</replaceable>, з системи."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -7412,7 +7846,7 @@ msgstr ""
"безпосередніх батьківських груп."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -7522,7 +7956,7 @@ msgid "The SELinux user for the user's login."
msgstr "Ім’я користувача SELinux, що відповідає імені для входу до системи."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -7660,6 +8094,88 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
+#, fuzzy
+#| msgid ""
+#| "<option>-u</option>,<option>--user</option> <replaceable>login</"
+#| "replaceable>"
+msgid ""
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
+"replaceable>"
+msgstr ""
+"<option>-u</option>,<option>--user</option> <replaceable>реєстраційні дані</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+#, fuzzy
+#| msgid "Invalidate specific user."
+msgid "Invalidate specific service."
+msgstr "Скасувати визначення вказаного користувача."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+#, fuzzy
+#| msgid "<option>-U</option>,<option>--users</option>"
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr "<option>-U</option>,<option>--users</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+"Скасувати визначення всіх записів. Цей параметр має вищий пріоритет за "
+"параметр скасування визначення для будь-якого користувача, якщо такий "
+"параметр вказано."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+#| "replaceable>"
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>домен</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+#, fuzzy
+#| msgid "Invalidate specific user."
+msgid "Invalidate specific autofs maps."
+msgstr "Скасувати визначення вказаного користувача."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+#, fuzzy
+#| msgid "<option>-U</option>,<option>--users</option>"
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr "<option>-U</option>,<option>--users</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+"Скасувати визначення всіх записів. Цей параметр має вищий пріоритет за "
+"параметр скасування визначення для будь-якого користувача, якщо такий "
+"параметр вказано."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
@@ -7668,7 +8184,7 @@ msgstr ""
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:113
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr "Обмежити процедуру скасування визначення лише певним доменом."
@@ -7967,7 +8483,7 @@ msgstr ""
"основі даних, отриманих у відповідь на спеціальний запит до DNS."
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr "Налаштування"
@@ -8120,6 +8636,253 @@ msgstr ""
"Якщо список комп’ютерів буде вичерпано, основний модуль перейде у режим "
"автономної роботи і повторюватиме спроби з’єднання кожні 30 секунд."
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+#, fuzzy
+#| msgid "Configuration"
+msgid "Advanced Configuration"
+msgstr "Налаштування"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_min (integer)"
+msgstr "ldap_page_size (ціле число)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 10001"
+msgstr "Типове значення: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_max (integer)"
+msgstr "ldap_page_size (ціле число)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 2000100000"
+msgstr "Типове значення: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_size (integer)"
+msgstr "ldap_page_size (ціле число)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 200000"
+msgstr "Типове значення: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr "ldap_default_bind_dn (рядок)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain (string)"
+msgstr "ldap_default_bind_dn (рядок)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+#, fuzzy
+#| msgid "The type of the authentication token of the default bind DN."
+msgid "Specify the name of the default domain."
+msgstr "Тип розпізнавання для типової назви сервера прив’язки."
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+#, fuzzy
+#| msgid "ldap_id_use_start_tls (boolean)"
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr "ldap_id_use_start_tls (булеве значення)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -8272,3 +9035,44 @@ msgstr ""
"<emphasis> Цю можливість ще не перевірено достатнім чином. Будь ласка, якщо "
"помітите якісь вади, повідомте про них за допомогою настанов на сторінці "
"http://fedorahosted.org/sssd. </emphasis>"
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr "ЛОКАЛЬНИЙ ДОМЕН"
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+"З метою забезпечення належної роботи слід створити домен з "
+"<quote>id_provider=local</quote> та запустити SSSD."
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
+"Адміністратор може надати перевагу використанню локальних записів "
+"користувачів SSSD замість традиційних записів користувачів UNIX, якщо для "
+"роботи потрібна вкладеність груп (див. <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>). Використання локальних записів може також бути корисним для "
+"тестування та розробки програмного забезпечення з підтримкою SSSD (у такому "
+"разі не потрібно розгортати повноцінний віддалений сервер). Інструменти "
+"<command>sss_user*</command> та <command>sss_group*</command> використовують "
+"для зберігання записів користувачів і груп локальне сховище даних LDB."
+
+#~ msgid "Default: 7"
+#~ msgstr "Типове значення: 7"
+
+#~ msgid "<quote>permit</quote> always allow access."
+#~ msgstr "<quote>permit</quote> — завжди дозволяти доступ."
generated by cgit (git 2.34.1) at 2024-04-18 06:23:54 +0000